{"id":"CVE-2023-41752","summary":"Apache Traffic Server: s3_auth plugin problem with hash calculation","details":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2.\n\nUsers are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.","modified":"2026-05-15T11:54:31.692680889Z","published":"2023-10-17T06:57:47.508Z","database_specific":{"cna_assigner":"apache","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"8.0.0"},{"last_affected":"8.1.8"},{"introduced":"9.0.0"},{"last_affected":"9.2.2"}]},{"source":"DESCRIPTION","extracted_events":[{"introduced":"8.0.0"},{"fixed":"8.1.8"},{"introduced":"9.0.0"},{"fixed":"9.2.2"}]}],"cwe_ids":["CWE-200"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/41xxx/CVE-2023-41752.json"},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/41xxx/CVE-2023-41752.json"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41752"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5549"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}