An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
References
Link | Resource |
---|---|
https://hackerone.com/reports/1543773 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202212-01 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220609-0008/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5197 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
|
History
27 Mar 2024, 15:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* |
|
First Time |
Splunk
Splunk universal Forwarder |
23 Feb 2023, 17:59
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
29 Jan 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Jan 2023, 18:09
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp h700s
Netapp h500s Netapp solidfire \& Hci Management Node Netapp h410s Netapp clustered Data Ontap Netapp hci Compute Node Brocade fabric Operating System Netapp h300s Netapp hci Bootstrap Os Netapp h410s Firmware Netapp h700s Firmware Netapp Netapp h300s Firmware Brocade Netapp h500s Firmware Netapp solidfire \& Hci Storage Node |
|
CPE | cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* |
|
References | (GENTOO) https://security.gentoo.org/glsa/202212-01 - Third Party Advisory |
19 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Dec 2022, 18:57
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian
Debian debian Linux |
|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5197 - Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
02 Aug 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2022, 18:11
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220609-0008/ - Third Party Advisory | |
References | (MISC) https://hackerone.com/reports/1543773 - Exploit, Third Party Advisory | |
First Time |
Haxx curl
Haxx |
|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.7 |
CPE | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* | |
CWE | CWE-522 |
09 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Jun 2022, 14:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-02 14:15
Updated : 2024-03-27 15:02
NVD link : CVE-2022-27774
Mitre link : CVE-2022-27774
CVE.ORG link : CVE-2022-27774
JSON object : View
Products Affected
netapp
- h700s_firmware
- h700s
- h300s_firmware
- h410s
- h500s_firmware
- hci_compute_node
- solidfire_\&_hci_storage_node
- h410s_firmware
- solidfire_\&_hci_management_node
- hci_bootstrap_os
- h500s
- clustered_data_ontap
- h300s
debian
- debian_linux
splunk
- universal_forwarder
brocade
- fabric_operating_system
haxx
- curl
CWE
CWE-522
Insufficiently Protected Credentials