An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
References
Link | Resource |
---|---|
https://hackerone.com/reports/1526328 | Exploit Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202212-01 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220609-0008/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5197 | Third Party Advisory |
History
27 Mar 2024, 15:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* |
|
First Time |
Splunk
Splunk universal Forwarder |
24 Jul 2023, 13:31
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 |
05 Jan 2023, 18:10
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* |
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:* |
First Time |
Brocade
Brocade fabric Operating System Netapp solidfire \& Hci Management Node Netapp solidfire \& Hci Storage Node |
|
References | (GENTOO) https://security.gentoo.org/glsa/202212-01 - Third Party Advisory |
19 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Oct 2022, 19:21
Type | Values Removed | Values Added |
---|---|---|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5197 - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220609-0008/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* |
|
First Time |
Netapp element Software
Netapp h500s Netapp solidfire Netapp clustered Data Ontap Netapp h410s Firmware Debian Netapp hci Management Node Netapp h700s Netapp h300s Netapp bootstrap Os Debian debian Linux Netapp Netapp h300s Firmware Netapp hci Compute Node Netapp h700s Firmware Netapp h410s Netapp h500s Firmware |
29 Aug 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Aug 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Jun 2022, 13:55
Type | Values Removed | Values Added |
---|---|---|
First Time |
Haxx curl
Haxx |
|
CPE | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* | |
CWE | CWE-287 | |
References | (MISC) https://hackerone.com/reports/1526328 - Exploit, Issue Tracking, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : 5.5 v3 : 8.1 |
26 May 2022, 17:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-26 17:15
Updated : 2024-03-27 15:02
NVD link : CVE-2022-22576
Mitre link : CVE-2022-22576
CVE.ORG link : CVE-2022-22576
Products Affected
netapp
- h700s_firmware
- h700s
- h300s_firmware
- h410s
- h500s_firmware
- hci_compute_node
- solidfire_\&_hci_storage_node
- h410s_firmware
- solidfire_\&_hci_management_node
- h500s
- bootstrap_os
- clustered_data_ontap
- h300s
debian
- debian_linux
splunk
- universal_forwarder
brocade
- fabric_operating_system
haxx
- curl