CVE-2023-41752

CVE-2023-41752: Apache Traffic Server: s3_auth plugin problem with hash calculation

Vendor Apache Software Foundation

Product Apache Traffic Server

Weakness CWE-200 · Info exposure

Published October 17, 2023

Last update June 12, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.

Key dates

Disclosure timeline

October 17, 2023 CVE published

June 12, 2025 Record updated

Identifiers

CVE CVE-2023-41752

CWE CWE-200

Affected versions

Vendor Apache Software Foundation

Product Apache Traffic Server

Affected ≥ 8.0.0 and ≤ 8.1.8

Vendor Apache Software Foundation

Product Apache Traffic Server

Affected ≥ 9.0.0 and ≤ 9.2.2