Vulnerability Details: CVE-2023-41752
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2.
Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.
Vulnerability category: Information leak
Products affected by CVE-2023-41752
- cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-41752
- 0.19%: Probability of exploitation activity in the next 30 days
- ~ 56%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-41752
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2023-41752
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: security@apache.org (Primary)
References for CVE-2023-41752
- https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
  ATS is vulnerable to a HTTP/2 and s3 auth plugin attacks - Apache Mail Archives (Mailing List; Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
  [SECURITY] Fedora 38 Update: trafficserver-9.2.3-1.fc38 - package-announce - Fedora Mailing-Lists (Mailing List)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
  [SECURITY] Fedora 39 Update: trafficserver-9.2.3-1.fc39 - package-announce - Fedora Mailing-Lists
- https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
  [SECURITY] [DLA 3645-1] trafficserver security update
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
  [SECURITY] Fedora 37 Update: trafficserver-9.2.3-1.fc37 - package-announce - Fedora Mailing-Lists (Mailing List)
- https://www.debian.org/security/2023/dsa-5549
  Debian -- Security Information -- DSA-5549-1 trafficserver