{"api_version":"1","generated_at":"2026-04-23T00:40:22+00:00","cve":"CVE-2022-41317","urls":{"html":"https://cve.report/CVE-2022-41317","api":"https://cve.report/api/cve/CVE-2022-41317.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-41317","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-41317"},"summary":{"title":"CVE-2022-41317","description":"An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-12-25 19:15:00","updated_at":"2023-08-08 14:22:00"},"problem_types":["CWE-697"],"metrics":[],"references":[{"url":"http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch","name":"http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch","refsource":"MISC","tags":[],"title":"","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"https://www.openwall.com/lists/oss-security/2022/09/23/1","name":"https://www.openwall.com/lists/oss-security/2022/09/23/1","refsource":"CONFIRM","tags":[],"title":"oss-security - Fwd: [ADVISORY] SQUID-2022:1 Exposure of Sensitive Information in\n Cache Manager","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch","name":"http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch","refsource":"MISC","tags":[],"title":"","mime":"text/x-diff","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq","name":"https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq","refsource":"MISC","tags":[],"title":"SQUID-2022:1 Exposure of Sensitive Information in Cache Manager · Advisory · squid-cache/squid · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-41317","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41317","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"41317","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"squid-cache","cpe5":"squid","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"41317","vulnerable":"1","versionEndIncluding":"4.17","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"squid-cache","cpe5":"squid","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-41317","qid":"181132","title":"Debian Security Update for squid (DLA 3151-1)"},{"cve":"CVE-2022-41317","qid":"181146","title":"Debian Security Update for squid (DSA 5258-1)"},{"cve":"CVE-2022-41317","qid":"184816","title":"Debian Security Update for squid (CVE-2022-41317)"},{"cve":"CVE-2022-41317","qid":"198961","title":"Ubuntu Security Notification for Squid Vulnerabilities (USN-5641-1)"},{"cve":"CVE-2022-41317","qid":"283170","title":"Fedora Security Update for squid (FEDORA-2022-c8cad41c95)"},{"cve":"CVE-2022-41317","qid":"283171","title":"Fedora Security Update for squid (FEDORA-2022-23e6ee1fb9)"},{"cve":"CVE-2022-41317","qid":"354752","title":"Amazon Linux Security Advisory for squid : ALAS-2023-1687"},{"cve":"CVE-2022-41317","qid":"354783","title":"Amazon Linux Security Advisory for squid : ALAS2-2023-1950"},{"cve":"CVE-2022-41317","qid":"356199","title":"Amazon Linux Security Advisory for squid : ALASSQUID4-2023-009"},{"cve":"CVE-2022-41317","qid":"356205","title":"Amazon Linux Security Advisory for squid : ALASSQUID4-2023-002"},{"cve":"CVE-2022-41317","qid":"356506","title":"Amazon Linux Security Advisory for squid : ALAS2SQUID4-2023-002"},{"cve":"CVE-2022-41317","qid":"356609","title":"Amazon Linux Security Advisory for squid : ALAS2SQUID4-2023-010"},{"cve":"CVE-2022-41317","qid":"505939","title":"Alpine Linux Security Update for squid"},{"cve":"CVE-2022-41317","qid":"672417","title":"EulerOS Security Update for squid (EulerOS-SA-2022-2807)"},{"cve":"CVE-2022-41317","qid":"690944","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for squid (f9ada0b5-3d80-11ed-9330-080027f5fec9)"},{"cve":"CVE-2022-41317","qid":"752660","title":"SUSE Enterprise Linux Security Update for squid (SUSE-SU-2022:3533-1)"},{"cve":"CVE-2022-41317","qid":"752662","title":"SUSE Enterprise Linux Security Update for squid (SUSE-SU-2022:3532-1)"},{"cve":"CVE-2022-41317","qid":"752677","title":"SUSE Enterprise Linux Security Update for squid (SUSE-SU-2022:3596-1)"},{"cve":"CVE-2022-41317","qid":"753450","title":"SUSE Enterprise Linux Security Update for squid (SUSE-SU-2022:3531-1)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-41317","ASSIGNER":"cve@mitre.org","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a","version_affected":"?"}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq","refsource":"MISC","name":"https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq"},{"url":"http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch","refsource":"MISC","name":"http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch"},{"url":"http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch","refsource":"MISC","name":"http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch"},{"url":"https://www.openwall.com/lists/oss-security/2022/09/23/1","refsource":"MISC","name":"https://www.openwall.com/lists/oss-security/2022/09/23/1"}]}},"nvd":{"publishedDate":"2022-12-25 19:15:00","lastModifiedDate":"2023-08-08 14:22:00","problem_types":["CWE-697"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndIncluding":"4.17","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.6","versionEndExcluding":"5.7","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}