Unchecked return value can allow Apache Traffic Server to retain privileges on startup.

This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1.

Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.01044}

epss

{'score': 0.00804}


Wed, 04 Jun 2025 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache traffic Server
CPEs cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:traffic_server:*:-:*:*:*:*:*:*
Vendors & Products Apache
Apache traffic Server

Thu, 14 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache Software Foundation
Apache Software Foundation apache Traffic Server
CPEs cpe:2.3:a:apache_software_foundation:apache_traffic_server:*:*:*:*:*:*:*:*
Vendors & Products Apache Software Foundation
Apache Software Foundation apache Traffic Server
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Nov 2024 10:00:00 +0000

Type Values Removed Values Added
Description Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.
Title Apache Traffic Server: Server process can fail to drop privilege
Weaknesses CWE-252
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-11-14T18:11:20.573Z

Reserved: 2024-10-21T21:01:58.173Z

Link: CVE-2024-50306

cve-icon Vulnrichment

Updated: 2024-11-14T18:10:59.786Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-14T10:15:08.230

Modified: 2025-06-04T16:15:30.250

Link: CVE-2024-50306

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.