CVE-2026-45180
Session ID Leak in Catalyst::Plugin::Statsd
Publication date: 2026-05-10
Last updated on: 2026-05-10
Assigner: CPANSec
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| catalyst | plugin | up to and including 0.10.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in Catalyst::Plugin::Statsd versions through 0.10.0 for Perl, where session IDs may be leaked.
If the communication channel to the statsd daemon is not secured, such as when UDP packets are sent to a host on another network, an attacker may be able to intercept these session IDs.
Leaked session IDs can be used by attackers as authentication tokens, potentially allowing unauthorized access.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability, ensure that the communication channel to the statsd daemon is secured.
- Avoid sending UDP packets to hosts on other networks.
- Use secure communication methods to prevent session ID leakage.
How can this vulnerability impact me?
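
One way to verify the mitigation is to scan statsd payloads captured on your own network for session-like tokens. The script below is an added example, not code from the advisory or from Catalyst::Plugin::Statsd. The `name:value|type` line layout is the standard statsd format; the metric names, the 32+ hex character session-ID pattern and the sample datagrams are assumptions constructed for illustration.

```python
import hashlib
import re

# Assumption: session IDs are hex strings of 32+ characters; adjust the
# pattern to whatever your session store actually generates.
SESSION_LIKE = re.compile(r"(?<![0-9A-Za-z])[0-9a-fA-F]{32,}(?![0-9A-Za-z])")

# Constructed sample UDP payloads (metric names and token are made up).
SAMPLE_DATAGRAMS = [
    b"myapp.response.time:12|ms\nmyapp.requests:1|c|@0.1",
    b"myapp.sessions:0123456789abcdef0123456789abcdef01234567|s",
    b"myapp.users.active:42|g",
]


def parse_statsd(datagram):
    """Yield (name, value, type) for each statsd line in one UDP payload."""
    for raw in datagram.decode("utf-8", errors="replace").splitlines():
        name, sep, rest = raw.strip().partition(":")
        fields = rest.split("|")
        if not sep or len(fields) < 2:
            continue  # not a name:value|type metric line
        yield name, fields[0], fields[1]


def find_session_leaks(datagrams):
    """Report metric lines whose name or value holds a session-like token.

    The token itself is never returned: only a short SHA-256 prefix, so
    repeated sightings can be correlated without copying the secret around.
    """
    findings = []
    for index, datagram in enumerate(datagrams):
        for name, value, mtype in parse_statsd(datagram):
            for field, text in (("name", name), ("value", value)):
                for match in SESSION_LIKE.finditer(text):
                    digest = hashlib.sha256(match.group().encode()).hexdigest()
                    findings.append({
                        "datagram": index,
                        "metric": SESSION_LIKE.sub("<redacted>", name),
                        "type": mtype,
                        "field": field,
                        "token_sha256_prefix": digest[:12],
                    })
    return findings


if __name__ == "__main__":
    for finding in find_session_leaks(SAMPLE_DATAGRAMS):
        print(finding)
```

Any finding on traffic that leaves the host means the session store's tokens are crossing the network in cleartext and the statsd destination or transport needs to change.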
This vulnerability can lead to session ID leakage if the communication to the statsd daemon is not properly secured.
An attacker who obtains these session IDs could impersonate legitimate users by using the session IDs as authentication tokens.
This could result in unauthorized access to user accounts or sensitive information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session IDs if the communication channel to the statsd daemon is not secured. This leakage could allow attackers to use session IDs as authentication tokens.
Leaking session IDs can lead to unauthorized access to user sessions, which may result in exposure of personal or sensitive data. Such exposure could potentially violate data protection regulations like GDPR or HIPAA, which require safeguarding user authentication and personal information.
Therefore, if exploited, this vulnerability could negatively impact compliance with standards that mandate secure handling of authentication tokens and protection of user data.