CVE-2023-26442

Name of the Vulnerable Software and Affected Versions Cacheservice (affected versions not specified)

Description The issue arises when Cacheservice is configured to use a sproxyd object-storage backend, allowing it to follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network, capable of intercepting and replaying HTTP requests to sproxyd, or in control of the sproxyd service, could perform a server-side request-forgery attack. This would enable the attacker to make Cacheservice connect to unexpected resources. The ability to follow HTTP redirects when connecting to sproxyd resources has been disabled to mitigate this issue. No publicly available exploits are known.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.