FreeBSD: VID-F9ADA0B5-3D80-11ED-9330-080027F5FEC9 (CVE-2022-41317): squid -- Exposure of sensitive information in cache manager
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-F9ADA0B5-3D80-11ED-9330-080027F5FEC9:
Mikhail Evdokimov (aka konata) reports:
Due to inconsistent handling of internal URIs Squid is
vulnerable to Exposure of Sensitive Information about
clients using the proxy. This problem allows a trusted
client to directly access cache manager information
bypassing the manager ACL protection. The available cache
manager information contains records of internal network
structure, client credentials, client identity and client
traffic behaviour.
Solution(s)
- freebsd-upgrade-package-squid
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center