CVE-2022-41317

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41317

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41317.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-41317

Aliases

GHSA-rcg9-7fqm-83mq

Related

Published

2022-12-25T19:15:10Z

Modified

2024-09-18T03:22:02.677761Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

References

Affected packages

Alpine:v3.19 / squid

Package

Name: squid
Purl: pkg:apk/alpine/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.7-r0

Affected versions

2.*

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.6-r4

2.7.6-r5

2.7.6-r6

2.7.6-r7

2.7.6-r8

2.7.6-r9

2.7.6-r10

2.7.6-r11

2.7.6-r12

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.7-r5

2.7.9-r0

2.7.9-r1

2.7.9-r2

2.7.9-r3

2.7.9-r4

3.*

3.2.0.12-r1

3.2.0.12-r2

3.2.0.12-r3

3.2.0.12-r4

3.2.0.13-r0

3.2.0.16-r0

3.2.0.17-r0

3.2.0.17-r1

3.2.0.17-r2

3.2.0.18-r0

3.2.0.18-r1

3.2.0.19-r0

3.2.0.19-r1

3.2.2-r0

3.2.3-r0

3.2.4-r0

3.2.5-r0

3.2.6-r0

3.2.6-r1

3.2.7-r1

3.2.7-r2

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.3.5-r0

3.3.6-r0

3.3.7-r0

3.3.8-r0

3.3.8-r1

3.3.9-r0

3.3.10-r0

3.3.11-r0

3.3.11-r1

3.4.5-r0

3.4.6-r0

3.4.6-r1

3.4.7-r0

3.4.8-r0

3.4.9-r0

3.4.10-r0

3.4.11-r0

3.4.12-r0

3.5.2-r0

3.5.2-r1

3.5.3-r0

3.5.4-r0

3.5.4-r1

3.5.5-r0

3.5.6-r0

3.5.6-r1

3.5.7-r0

3.5.8-r0

3.5.10-r0

3.5.11-r0

3.5.12-r0

3.5.13-r0

3.5.14-r0

3.5.14-r1

3.5.15-r0

3.5.15-r1

3.5.16-r0

3.5.17-r0

3.5.17-r1

3.5.19-r0

3.5.19-r1

3.5.20-r0

3.5.20-r1

3.5.20-r2

3.5.22-r0

3.5.23-r0

3.5.23-r1

3.5.23-r2

3.5.23-r3

3.5.23-r4

3.5.27-r0

3.5.27-r1

3.5.27-r2

3.5.28-r0

4.*

4.2-r0

4.2-r1

4.4-r0

4.4-r1

4.6-r0

4.6-r1

4.8-r0

4.8-r1

4.9-r0

4.10-r0

4.11-r0

4.12-r0

4.13-r0

5.*

5.0.4-r0

5.0.4-r1

5.0.5-r0

5.0.6-r0

5.0.7-r0

5.0.7-r1

5.1-r0

5.1-r1

5.2-r0

5.3-r0

5.4-r0

5.4.1-r0

5.5-r0

5.6-r0

5.6-r1

5.6-r2

5.6-r3

Alpine:v3.20 / squid

Package

Name: squid
Purl: pkg:apk/alpine/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.7-r0

Affected versions

2.*

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.6-r4

2.7.6-r5

2.7.6-r6

2.7.6-r7

2.7.6-r8

2.7.6-r9

2.7.6-r10

2.7.6-r11

2.7.6-r12

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.7-r5

2.7.9-r0

2.7.9-r1

2.7.9-r2

2.7.9-r3

2.7.9-r4

3.*

3.2.0.12-r1

3.2.0.12-r2

3.2.0.12-r3

3.2.0.12-r4

3.2.0.13-r0

3.2.0.16-r0

3.2.0.17-r0

3.2.0.17-r1

3.2.0.17-r2

3.2.0.18-r0

3.2.0.18-r1

3.2.0.19-r0

3.2.0.19-r1

3.2.2-r0

3.2.3-r0

3.2.4-r0

3.2.5-r0

3.2.6-r0

3.2.6-r1

3.2.7-r1

3.2.7-r2

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.3.5-r0

3.3.6-r0

3.3.7-r0

3.3.8-r0

3.3.8-r1

3.3.9-r0

3.3.10-r0

3.3.11-r0

3.3.11-r1

3.4.5-r0

3.4.6-r0

3.4.6-r1

3.4.7-r0

3.4.8-r0

3.4.9-r0

3.4.10-r0

3.4.11-r0

3.4.12-r0

3.5.2-r0

3.5.2-r1

3.5.3-r0

3.5.4-r0

3.5.4-r1

3.5.5-r0

3.5.6-r0

3.5.6-r1

3.5.7-r0

3.5.8-r0

3.5.10-r0

3.5.11-r0

3.5.12-r0

3.5.13-r0

3.5.14-r0

3.5.14-r1

3.5.15-r0

3.5.15-r1

3.5.16-r0

3.5.17-r0

3.5.17-r1

3.5.19-r0

3.5.19-r1

3.5.20-r0

3.5.20-r1

3.5.20-r2

3.5.22-r0

3.5.23-r0

3.5.23-r1

3.5.23-r2

3.5.23-r3

3.5.23-r4

3.5.27-r0

3.5.27-r1

3.5.27-r2

3.5.28-r0

4.*

4.2-r0

4.2-r1

4.4-r0

4.4-r1

4.6-r0

4.6-r1

4.8-r0

4.8-r1

4.9-r0

4.10-r0

4.11-r0

4.12-r0

4.13-r0

5.*

5.0.4-r0

5.0.4-r1

5.0.5-r0

5.0.6-r0

5.0.7-r0

5.0.7-r1

5.1-r0

5.1-r1

5.2-r0

5.3-r0

5.4-r0

5.4.1-r0

5.5-r0

5.6-r0

5.6-r1

5.6-r2

5.6-r3

Debian:11 / squid

Package

Name: squid
Purl: pkg:deb/debian/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.13-10+deb11u2

Affected versions

4.*

4.13-10

4.13-10+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / squid

Package

Name: squid
Purl: pkg:deb/debian/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / squid

Package

Name: squid
Purl: pkg:deb/debian/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/squid-cache/squid

Affected ranges

Type: GIT
Repo: https://github.com/squid-cache/squid
Events: Introduced

1521895e24671463bf590cabcdbd2acf637ed2c1

Fixed

5bb2694408e7a42897e9efe775361579d8864de8

Affected versions

Other

SQUID_5_0_6

SQUID_5_0_7

SQUID_5_1

SQUID_5_2

SQUID_5_3

SQUID_5_4_1

SQUID_5_5

SQUID_5_6