rhsa-2025:19118
Vulnerability from csaf_redhat
Published
2025-10-28 01:49
Modified
2025-11-06 23:42
Summary
Red Hat Security Advisory: squid security update
Notes
Topic
An update for squid is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.
Security Fix(es):
* squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling (CVE-2025-62168)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for squid is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling (CVE-2025-62168)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19118",
"url": "https://access.redhat.com/errata/RHSA-2025:19118"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2404736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404736"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19118.json"
}
],
"title": "Red Hat Security Advisory: squid security update",
"tracking": {
"current_release_date": "2025-11-06T23:42:41+00:00",
"generator": {
"date": "2025-11-06T23:42:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.11"
}
},
"id": "RHSA-2025:19118",
"initial_release_date": "2025-10-28T01:49:06+00:00",
"revision_history": [
{
"date": "2025-10-28T01:49:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-28T01:49:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-06T23:42:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:5.2-1.el9_0.9.src",
"product": {
"name": "squid-7:5.2-1.el9_0.9.src",
"product_id": "squid-7:5.2-1.el9_0.9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@5.2-1.el9_0.9?arch=src\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:5.2-1.el9_0.9.aarch64",
"product": {
"name": "squid-7:5.2-1.el9_0.9.aarch64",
"product_id": "squid-7:5.2-1.el9_0.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@5.2-1.el9_0.9?arch=aarch64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:5.2-1.el9_0.9.aarch64",
"product": {
"name": "squid-debugsource-7:5.2-1.el9_0.9.aarch64",
"product_id": "squid-debugsource-7:5.2-1.el9_0.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@5.2-1.el9_0.9?arch=aarch64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:5.2-1.el9_0.9.aarch64",
"product": {
"name": "squid-debuginfo-7:5.2-1.el9_0.9.aarch64",
"product_id": "squid-debuginfo-7:5.2-1.el9_0.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@5.2-1.el9_0.9?arch=aarch64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:5.2-1.el9_0.9.ppc64le",
"product": {
"name": "squid-7:5.2-1.el9_0.9.ppc64le",
"product_id": "squid-7:5.2-1.el9_0.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@5.2-1.el9_0.9?arch=ppc64le\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:5.2-1.el9_0.9.ppc64le",
"product": {
"name": "squid-debugsource-7:5.2-1.el9_0.9.ppc64le",
"product_id": "squid-debugsource-7:5.2-1.el9_0.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@5.2-1.el9_0.9?arch=ppc64le\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:5.2-1.el9_0.9.ppc64le",
"product": {
"name": "squid-debuginfo-7:5.2-1.el9_0.9.ppc64le",
"product_id": "squid-debuginfo-7:5.2-1.el9_0.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@5.2-1.el9_0.9?arch=ppc64le\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:5.2-1.el9_0.9.x86_64",
"product": {
"name": "squid-7:5.2-1.el9_0.9.x86_64",
"product_id": "squid-7:5.2-1.el9_0.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@5.2-1.el9_0.9?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:5.2-1.el9_0.9.x86_64",
"product": {
"name": "squid-debugsource-7:5.2-1.el9_0.9.x86_64",
"product_id": "squid-debugsource-7:5.2-1.el9_0.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@5.2-1.el9_0.9?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:5.2-1.el9_0.9.x86_64",
"product": {
"name": "squid-debuginfo-7:5.2-1.el9_0.9.x86_64",
"product_id": "squid-debuginfo-7:5.2-1.el9_0.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@5.2-1.el9_0.9?arch=x86_64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:5.2-1.el9_0.9.s390x",
"product": {
"name": "squid-7:5.2-1.el9_0.9.s390x",
"product_id": "squid-7:5.2-1.el9_0.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@5.2-1.el9_0.9?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:5.2-1.el9_0.9.s390x",
"product": {
"name": "squid-debugsource-7:5.2-1.el9_0.9.s390x",
"product_id": "squid-debugsource-7:5.2-1.el9_0.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@5.2-1.el9_0.9?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:5.2-1.el9_0.9.s390x",
"product": {
"name": "squid-debuginfo-7:5.2-1.el9_0.9.s390x",
"product_id": "squid-debuginfo-7:5.2-1.el9_0.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@5.2-1.el9_0.9?arch=s390x\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:5.2-1.el9_0.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.aarch64"
},
"product_reference": "squid-7:5.2-1.el9_0.9.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:5.2-1.el9_0.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.ppc64le"
},
"product_reference": "squid-7:5.2-1.el9_0.9.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:5.2-1.el9_0.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.s390x"
},
"product_reference": "squid-7:5.2-1.el9_0.9.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:5.2-1.el9_0.9.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.src"
},
"product_reference": "squid-7:5.2-1.el9_0.9.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:5.2-1.el9_0.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.x86_64"
},
"product_reference": "squid-7:5.2-1.el9_0.9.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:5.2-1.el9_0.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.aarch64"
},
"product_reference": "squid-debuginfo-7:5.2-1.el9_0.9.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:5.2-1.el9_0.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.ppc64le"
},
"product_reference": "squid-debuginfo-7:5.2-1.el9_0.9.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:5.2-1.el9_0.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.s390x"
},
"product_reference": "squid-debuginfo-7:5.2-1.el9_0.9.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:5.2-1.el9_0.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.x86_64"
},
"product_reference": "squid-debuginfo-7:5.2-1.el9_0.9.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:5.2-1.el9_0.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.aarch64"
},
"product_reference": "squid-debugsource-7:5.2-1.el9_0.9.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:5.2-1.el9_0.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.ppc64le"
},
"product_reference": "squid-debugsource-7:5.2-1.el9_0.9.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:5.2-1.el9_0.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.s390x"
},
"product_reference": "squid-debugsource-7:5.2-1.el9_0.9.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:5.2-1.el9_0.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.x86_64"
},
"product_reference": "squid-debugsource-7:5.2-1.el9_0.9.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-62168",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2025-10-17T17:01:54.858939+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404736"
}
],
"notes": [
{
"category": "description",
"text": "A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol (HTTP) authentication credentials from an error response. A remote client can exploit this by triggering an error condition, which allows a malicious script to bypass browser security and disclose the username and password a trusted client uses for access. This directly compromises the security of internal application credentials and security tokens, especially when Squid is configured for backend load balancing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has rated as having the severity of Important by the Red Hat Product Security team as a successful exploitation may lead to sensitive information stored in the squid cache to be leaked, that may include authentication tokens for applications hosted behind the squid cache.\n\nThe leak happens due to squid cache not properly redacting request headers that may contain sensitive information out from error reports containing the request which triggered the error, resulting in a high confidentiality impact. The attacker does not need to have any kind of authentication to exploit this vulnerability.\n\nTo a squid instance to be considered vulnerable the email_err_data configuration may need to be turned on in the application configuration file. If the configuration entry is not present, the default behavior is to share such data letting the instance vulnerable.\n\nThe default behavior for squid in Red Hat Enterprise Linux distributions is to have email_err_data option enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.src",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62168"
},
{
"category": "external",
"summary": "RHBZ#2404736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62168",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62168"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62168"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f",
"url": "https://github.com/squid-cache/squid/commit/0951a0681011dfca3d78c84fd7f1e19c78a4443f"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr"
}
],
"release_date": "2025-10-17T16:21:30.156000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-28T01:49:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.src",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19118"
},
{
"category": "workaround",
"details": "This vulnerability can be mitigated by disabling debug information in administration mailto links generated by Squid package. This can be accomplished in Red Hat Enterprise Linux by the following steps:\n\n1) With administrative privileges, edit the squid configuration file located at ~~~/etc/squid/squid.conf~~~\n2) Add or change this configuration entry to: ~~~email_err_data off~~~\n3) Save the configuration file\n4) Restart the squid application",
"product_ids": [
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.src",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.src",
"AppStream-9.0.0.Z.E4S:squid-7:5.2-1.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:squid-debuginfo-7:5.2-1.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:squid-debugsource-7:5.2-1.el9_0.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…