CVE-2024-56196: 
Apache Traffic Server vulnerability analysis and mitigation

An Improper Access Control vulnerability was identified in Apache Traffic Server, tracked as CVE-2024-56196. The vulnerability affects Apache Traffic Server versions from 10.0.0 through 10.0.3. The issue was discovered by Chris McFarlen and is related to ACL compatibility issues with older versions (OSS Security, NVD).

The vulnerability has been assigned CWE-284 (Improper Access Control). According to the CVSS 3.1 scoring, it has received a base score of 6.3 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, indicating network accessibility with low attack complexity and requiring low privileges (NVD).

The vulnerability affects the confidentiality, integrity, and availability of the system, each with a low impact rating as indicated by the CVSS score. The specific impact involves incompatible ACL behavior that could lead to improper access control (Red Hat).

Users of Apache Traffic Server 10.x are strongly recommended to upgrade to version 10.0.4 or later versions, which contains the fix for this vulnerability (OSS Security, NVD).