A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
References
Link | Resource |
---|---|
https://hackerone.com/reports/1547048 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/ | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202212-01 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220609-0008/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5197 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
|
History
27 Mar 2024, 15:02
Type | Values Removed | Values Added |
---|---|---|
First Time |
Splunk
Splunk universal Forwarder |
|
CPE | cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* |
|
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/ - Mailing List, Third Party Advisory |
07 Nov 2023, 03:45
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
05 Jan 2023, 18:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* |
|
References | (GENTOO) https://security.gentoo.org/glsa/202212-01 - Third Party Advisory | |
First Time |
Netapp h700s
Netapp h500s Netapp h700s Firmware Netapp Netapp hci Bootstrap Os Netapp solidfire \& Hci Management Node Netapp h410s Netapp h300s Firmware Netapp clustered Data Ontap Netapp hci Compute Node Brocade Netapp h500s Firmware Brocade fabric Operating System Netapp h300s Netapp solidfire \& Hci Storage Node Netapp h410s Firmware |
19 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Oct 2022, 14:10
Type | Values Removed | Values Added |
---|---|---|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5197 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/ - Mailing List, Third Party Advisory | |
First Time |
Fedoraproject
Debian debian Linux Debian Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
12 Sep 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Sep 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Aug 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Aug 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2022, 17:53
Type | Values Removed | Values Added |
---|---|---|
First Time |
Haxx curl
Haxx |
|
CWE | CWE-522 | |
CPE | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.5 |
References | (MISC) https://hackerone.com/reports/1547048 - Exploit, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220609-0008/ - Third Party Advisory |
09 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Jun 2022, 14:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-02 14:15
Updated : 2024-03-27 15:02
NVD link : CVE-2022-27776
Mitre link : CVE-2022-27776
CVE.ORG link : CVE-2022-27776
JSON object : View
Products Affected
netapp
- h700s_firmware
- h300s_firmware
- h500s
- h300s
- solidfire_\&_hci_management_node
- h700s
- h410s
- h410s_firmware
- h500s_firmware
- hci_compute_node
- clustered_data_ontap
- hci_bootstrap_os
- solidfire_\&_hci_storage_node
splunk
- universal_forwarder
brocade
- fabric_operating_system
debian
- debian_linux
haxx
- curl
fedoraproject
- fedora
CWE
CWE-522
Insufficiently Protected Credentials