← Back to CVE List

CVE-2023-26442

Published: 2023-08-02T13:15Z
Last Modified: 2024-11-21T07:51Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd service) could perform a server-side request-forgery attack and make Cacheservice connect to unexpected resources. We have disabled the ability to follow HTTP redirects when connecting to sproxyd resources. No publicly available exploits are known. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt