Date: Mon, 26 Sep 2022 10:17:34 GMT From: Yasuhiro Kimura <yasu@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: f68c3880c699 - main - security/vuxml: Document exposure of sensitive information in cache manager of squid Message-ID: <202209261017.28QAHYf3048280@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by yasu: URL: https://cgit.FreeBSD.org/ports/commit/?id=f68c3880c6996176ada50f199d69717ae1c81c40 commit f68c3880c6996176ada50f199d69717ae1c81c40 Author: Yasuhiro Kimura <yasu@FreeBSD.org> AuthorDate: 2022-09-26 10:02:34 +0000 Commit: Yasuhiro Kimura <yasu@FreeBSD.org> CommitDate: 2022-09-26 10:17:05 +0000 security/vuxml: Document exposure of sensitive information in cache manager of squid --- security/vuxml/vuln-2022.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 0f87f6dda2bb..53a35fd3aa02 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,38 @@ + <vuln vid="f9ada0b5-3d80-11ed-9330-080027f5fec9"> + <topic>squid -- Exposure of sensitive information in cache manager</topic> + <affects> + <package> + <name>squid</name> + <range><lt>5.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Mikhail Evdokimov (aka konata) reports:</p> + <blockquote cite="https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq">; + <p> + Due to inconsistent handling of internal URIs Squid is + vulnerable to Exposure of Sensitive Information about + clients using the proxy. This problem allows a trusted + client to directly access cache manager information + bypassing the manager ACL protection. The available cache + manager information contains records of internal network + structure, client credentials, client identity and client + traffic behaviour. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-41317</cvename> + <url>https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq</url>; + </references> + <dates> + <discovery>2022-04-17</discovery> + <entry>2022-09-26</entry> + </dates> + </vuln> + <vuln vid="f1f637d1-39eb-11ed-ab44-080027f5fec9"> <topic>redis -- Potential remote code execution vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202209261017.28QAHYf3048280>