CVE-2023-33933

2023-06-1408:15:09

Debian Security Bug Tracker

security-tracker.debian.org

apache traffic server

sensitive information

unauthorized actor

cve-2023-33933

upgrade

unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

46.5%

JSON

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions

OSVersionArchitecturePackageVersionFilename
Debian12alltrafficserver< 9.2.0+ds-2+deb12u1trafficserver_9.2.0+ds-2+deb12u1_all.deb
Debian11alltrafficserver< 8.1.7+ds-1~deb11u1trafficserver_8.1.7+ds-1~deb11u1_all.deb
Debian10alltrafficserver< 8.1.7-0+deb10u1trafficserver_8.1.7-0+deb10u1_all.deb
Debian999alltrafficserver< 9.2.1+ds-1trafficserver_9.2.1+ds-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	trafficserver	< 9.2.0+ds-2+deb12u1	trafficserver_9.2.0+ds-2+deb12u1_all.deb
Debian	11	all	trafficserver	< 8.1.7+ds-1~deb11u1	trafficserver_8.1.7+ds-1~deb11u1_all.deb
Debian	10	all	trafficserver	< 8.1.7-0+deb10u1	trafficserver_8.1.7-0+deb10u1_all.deb
Debian	999	all	trafficserver	< 9.2.1+ds-1	trafficserver_9.2.1+ds-1_all.deb