CVE-2024-50306

Apache Traffic Server: Server process can fail to drop privilege

Description

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.

INFO

Published Date :

2024-11-14T09:55:43.037Z

Last Modified :

2025-11-03T20:45:12.036Z

Source :

apache

AFFECTED PRODUCTS

The following products are affected by CVE-2024-50306 vulnerability.

Vendors	Products
Apache	Traffic Server
Apache Software Foundation	Apache Traffic Server

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50306.

URL	Resource
https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y
https://lists.debian.org/debian-lts-announce/2025/02/msg00018.html

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact