Search for vulnerabilities
Vulnerability details: VCID-1uq9-gjyb-aaak
Vulnerability ID VCID-1uq9-gjyb-aaak
Aliases CVE-2023-41752
Summary Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.00160 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.003 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.0154 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
epss 0.04145 https://api.first.org/data/v1/epss?cve=CVE-2023-41752
cvssv3.1 5.3 https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
cvssv3.1 7.5 https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
generic_textual MODERATE https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
ssvc Track https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
cvssv3.1 5.3 https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-41752
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-41752
cvssv3.1 5.3 https://www.debian.org/security/2023/dsa-5549
cvssv3.1 7.5 https://www.debian.org/security/2023/dsa-5549
generic_textual MODERATE https://www.debian.org/security/2023/dsa-5549
ssvc Track https://www.debian.org/security/2023/dsa-5549
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-41752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41752
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
https://www.debian.org/security/2023/dsa-5549
1054427 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054427
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVE-2023-41752 https://nvd.nist.gov/vuln/detail/CVE-2023-41752
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:48:24Z/ Found at https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:48:24Z/ Found at https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:48:24Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:48:24Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:48:24Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-41752
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-41752
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://www.debian.org/security/2023/dsa-5549
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2023/dsa-5549
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:48:24Z/ Found at https://www.debian.org/security/2023/dsa-5549
Exploit Prediction Scoring System (EPSS)
Percentile 0.53275
EPSS Score 0.00160
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.