CVE-2022-47184

Published: Jun 14, 2023Modified: Feb 13, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.

Affected (4)

Products: Apache: Traffic Server · Debian: Debian Linux

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Traffic Server	From 8.0.0 to 8.1.7
Apache Traffic Server	From 9.0.0 to 9.2.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 12.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs

Source: security@apache.org

Mailing List

https://lists.debian.org/debian-lts-announce/2023/06/msg00037.html

Source: security@apache.org

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6GDCBNFDDW6ULW7CACJCPENI7BVDHM5O/

Source: security@apache.org

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWXNAEEVRUZ5JG4EJAIIFC3CI7LFETV/

Source: security@apache.org

https://www.debian.org/security/2023/dsa-5435

Source: security@apache.org

Third Party Advisory

https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs