CVE-2022-41317

Public on 2022-12-17

Modified on 2024-07-11

Description

A flaw was found in squid. A trusted client can directly access the cache manager information, bypassing the manager ACL protection and resulting in information disclosure.

Severity

Medium

See what this means

CVSS v3 Base Score

6.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	squid	2023-02-22	ALAS-2023-1687	Fixed
Amazon Linux 2 - Core	squid	2023-02-21	ALAS2-2023-1950	Fixed
Amazon Linux 2 - Squid4 Extra	squid	2023-09-25	ALAS2SQUID4-2023-002	Fixed
Amazon Linux 2 - Squid4 Extra	squid	2023-09-25	ALAS2SQUID4-2023-009	Fixed
Amazon Linux 2 - Squid4 Extra	squid	2023-10-05	ALAS2SQUID4-2023-010	Fixed
Amazon Linux 2023	squid			Not Affected

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
NVD	CVSSv3	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2022-41317 Mitre: CVE-2022-41317