Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Apache Software Foundation / Apache Traffic Server8.0.0 – 9.2.0
References
- MAILING_LISThttps://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
- VENDOR_ADVISORYhttps://www.debian.org/security/2023/dsa-5435
- MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6GDCBNFDDW6ULW7CACJCPENI7BVDHM5O/
- MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWXNAEEVRUZ5JG4EJAIIFC3CI7LFETV/
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2023/06/msg00037.html