CVE-2023-26442

CVSS 3.1 Score 3.2 of 10 (low)

Details

Published Aug 2, 2023

Updated: Jan 12, 2024

CWE ID 918

Summary

CVE-2023-26442 refers to a server-side request forgery (SSRF) vulnerability in Cacheservice. When configured to use a sproxyd object-storage backend, Cacheservice would follow HTTP redirects issued by that backend. An attacker who can intercept and replay HTTP requests to sproxyd or control the sproxyd service can manipulate Cacheservice to connect to unintended resources, potentially leading to security breaches. This issue has been addressed by disabling the ability to follow HTTP redirects when connecting to sproxyd resources. No public exploits for this vulnerability have been reported.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sMrDaz
https://www.cve.org/CVERecord?id=CVE-2023-26442
https://nvd.nist.gov/vuln/detail/CVE-2023-26442

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2023-26442

CVSS 3.1 Score 3.2 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations