Catalyst::Plugin::Statsd Session ID Leakage Vulnerability

Vulnerability

A vulnerability exists in Catalyst::Plugin::Statsd for Perl, affecting versions prior to 0.10.0, where session IDs may be leaked over unsecured communication channels to the statsd daemon. The plugin reports metrics to statsd in UDP packets; when those packets are sent to a host on another network without further protection, the session IDs they carry cross the network unprotected and can be captured by anyone on the path. Because a session ID functions as an authentication token, an attacker who obtains one could use it to act as that user.

Impact

Exploitation of this vulnerability could lead to unauthorized access using leaked session IDs as authentication tokens.

Remediation

Users are advised to upgrade to Catalyst::Plugin::Statsd version 0.10.0 or later, which no longer logs session IDs to statsd. If Plack::Middleware::Statsd is upgraded to version 0.9.0 or later and configured to log information securely, session IDs are logged as HMAC signatures instead of the raw values, so per-session metrics still work but the statsd host and the network path never see the ID itself. Alternatively, run the statsd daemon on the same host as the application, or reach it only over a secure communications channel.
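As an added illustration, not code from Catalyst::Plugin::Statsd or Plack::Middleware::Statsd and written in Python rather than the modules' Perl: a metric that embeds the raw session ID next to the HMAC variant the remediation describes, a loopback check for the same-host deployment, and a check over outbound packets for raw IDs. The metric name, session ID and key are constructed.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values for the example only (not a real token or key).
SESSION_ID = "3f9c1a7e5b2d4c8a9e0f1b2c3d4e5f60"
HMAC_KEY = b"constructed-example-key-rotate-in-production"


def raw_session_metric(session_id: str) -> str:
    """Pre-0.10.0 style: the session id itself becomes part of the metric name.
    The metric name is hypothetical; only the leak pattern matters here."""
    return f"catalyst.session.{session_id}:1|c"


def hmac_session_metric(session_id: str, key: bytes) -> str:
    """Hardened style: emit HMAC-SHA256(key, session_id) instead of the id.
    Same id -> same bucket, so per-session counts still work, but the statsd
    host and anyone observing the UDP path cannot recover the id."""
    tag = hmac.new(key, session_id.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"catalyst.session.{tag}:1|c"


def statsd_host_is_local(host: str) -> bool:
    """True when the statsd daemon is on the same host (loopback), one of the
    deployments the advisory lists as acceptable for plain UDP."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # hostname, not an IP literal
        return False


def find_leaked_ids(packets, session_ids):
    """Defender check: which outbound statsd packets still carry a raw id."""
    return [p for p in packets if any(sid in p for sid in session_ids)]


def main():
    packets = [
        raw_session_metric(SESSION_ID),
        hmac_session_metric(SESSION_ID, HMAC_KEY),
    ]
    for leaked in find_leaked_ids(packets, [SESSION_ID]):
        print("raw session id in statsd packet:", leaked)


if __name__ == "__main__":
    main()
```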

Added: May 10, 2026, 9:29 PM
Updated: May 10, 2026, 9:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 7.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.