CVE-2024-50306

CVE-2024-50306: Apache Traffic Server: Server process can fail to drop privilege

Vendor Apache Software Foundation

Product Apache Traffic Server

Weakness CWE-252

Published November 14, 2024

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.

Key dates

Disclosure timeline

November 14, 2024 CVE published

November 3, 2025 Record updated

Identifiers

CVE CVE-2024-50306

CWE CWE-252

Affected versions

Vendor Apache Software Foundation

Product Apache Traffic Server

Affected ≥ 9.2.0 and ≤ 9.2.5

Vendor Apache Software Foundation

Product Apache Traffic Server

Affected ≥ 10.0.0 and ≤ 10.0.1