FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- Exposure of sensitive information in cache manager

Affected packages
squid < 5.7

Details

VuXML ID f9ada0b5-3d80-11ed-9330-080027f5fec9
Discovery 2022-04-17
Entry 2022-09-26

Mikhail Evdokimov (aka konata) reports:

Due to inconsistent handling of internal URIs, Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy. This problem allows a trusted client to directly access cache manager information bypassing the manager ACL protection. The available cache manager information contains records of internal network structure, client credentials, client identity and client traffic behaviour.

References

CVE Name CVE-2022-41317
URL https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq