CVE-2026-45180
Session ID Leak in Catalyst::Plugin::Statsd
Publication date: 2026-05-10
Last updated on: 2026-05-10
Assigner: CPANSec
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in Catalyst::Plugin::Statsd versions through 0.10.0 for Perl, where session IDs may be leaked.
If the communication channel to the statsd daemon is not secured, such as when UDP packets are sent to a host on another network, an attacker may be able to intercept these session IDs.
Leaked session IDs can be used by attackers as authentication tokens, potentially allowing unauthorized access.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability, ensure that the communication channel to the statsd daemon is secured.
- Avoid sending UDP packets to hosts on other networks.
- Use secure communication methods to prevent session ID leakage.
How can this vulnerability impact me?
This vulnerability can lead to session ID leakage if the communication to the statsd daemon is not properly secured.
An attacker who obtains these session IDs could impersonate legitimate users by using the session IDs as authentication tokens.
This could result in unauthorized access to user accounts or sensitive information.
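To check whether a deployment is affected in the way described above, the following added example (not code from the advisory or from Catalyst::Plugin::Statsd) scans captured statsd UDP payloads for metric values that look like session tokens and reports whether each one was sent to a non-loopback destination. The metric names, addresses and token value are constructed, and the 20-character token heuristic is an assumption.

```python
import ipaddress
import re

# Assumption: a session ID is a non-numeric token of 20+ URL-safe characters.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{20,}$")
NUMERIC_RE = re.compile(r"^[+-]?\d+(\.\d+)?$")


def parse_statsd(datagram: bytes):
    """Yield (name, value, type) for each well-formed line: name:value|type[|@rate]."""
    for line in datagram.decode("utf-8", "replace").splitlines():
        name, colon, rest = line.partition(":")
        value, bar, tail = rest.partition("|")
        if name and colon and bar and tail:  # skip malformed lines
            yield name, value, tail.split("|")[0]


def token_metrics(datagram: bytes):
    """Names of metrics whose value looks like a token rather than a number."""
    return [name for name, value, _type in parse_statsd(datagram)
            if TOKEN_RE.match(value) and not NUMERIC_RE.match(value)]


def audit(packets):
    """Return (dest_ip, metric, off_host) per finding; token values are never echoed."""
    findings = []
    for dest_ip, datagram in packets:
        off_host = not ipaddress.ip_address(dest_ip).is_loopback
        for name in token_metrics(datagram):
            findings.append((dest_ip, name, off_host))
    return findings


# Constructed sample capture: (destination IP, UDP payload). Names are hypothetical.
SAMPLE = [
    ("127.0.0.1", b"app.request.time:12|ms\napp.session:3f9a1c0b7d2e4f6a8b9c0d1e2f3a4b5c|s"),
    ("203.0.113.10", b"app.hits:1|c|@0.5\napp.session:3f9a1c0b7d2e4f6a8b9c0d1e2f3a4b5c|s"),
    ("203.0.113.10", b"app.hits:1|c"),
]

if __name__ == "__main__":
    for dest_ip, metric, off_host in audit(SAMPLE):
        where = "leaves the host in cleartext" if off_host else "stays on loopback"
        print(f"{metric} -> {dest_ip}: token-like value, {where}")
```

Findings with `off_host` set to true are the case the advisory warns about; loopback findings still show that the token is present in the metrics stream.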