Search for vulnerabilities
Vulnerability details: VCID-1u9n-4qyv-cudw
Vulnerability ID VCID-1u9n-4qyv-cudw
Aliases CVE-2023-41752
Summary Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
cvssv3.1 7.5 https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
ssvc Track https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-41752
cvssv3.1 7.5 https://www.debian.org/security/2023/dsa-5549
ssvc Track https://www.debian.org/security/2023/dsa-5549
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-41752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41752
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
https://www.debian.org/security/2023/dsa-5549
1054427 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054427
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVE-2023-41752 https://nvd.nist.gov/vuln/detail/CVE-2023-41752
JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:48:24Z/ Found at https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:48:24Z/ Found at https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:48:24Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:48:24Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:48:24Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-41752
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2023/dsa-5549
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:48:24Z/ Found at https://www.debian.org/security/2023/dsa-5549
Exploit Prediction Scoring System (EPSS)
Percentile 0.5603
EPSS Score 0.0034
Published At Aug. 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:41:30.772846+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/41xxx/CVE-2023-41752.json 37.0.0