CVE-2022-41317
Publication date 23 September 2022
Last updated 24 July 2024
Ubuntu priority
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| squid | ||
| 22.04 LTS jammy |
Fixed 5.2-1ubuntu4.2
|
|
| 20.04 LTS focal |
Fixed 4.10-1ubuntu1.7
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| squid3 | 22.04 LTS jammy | Not in release |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.5 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-5641-1
- Squid vulnerabilities
- 26 September 2022