CVE-2022-41317
squid - security update
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 2.0%
Description
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
How to fix CVE-2022-41317
To remediate CVE-2022-41317, upgrade the affected package to one of the fixed versions listed below.
- Alpine/squid—upgrade to 5.7-r0 or later
- —upgrade to 4.13-10+deb11u2 or later
- —upgrade to 4.6-1+deb10u8 or later
- —upgrade to 4.13-10+deb11u2 or later
Is CVE-2022-41317 being exploited?
Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 5.7-r0
- from 0, < 4.13-10+deb11u2
- from 0, < 4.6-1+deb10u8
- from 0, < 4.13-10+deb11u2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |