When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2022/Oct/28 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2022/Oct/41 | Mailing List Third Party Advisory |
https://hackerone.com/reports/1573634 | Exploit Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/ | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202212-01 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220915-0003/ | Third Party Advisory |
https://support.apple.com/kb/HT213488 | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5197 | Third Party Advisory |
History
27 Mar 2024, 15:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* | |
First Time | Splunk, Splunk universal Forwarder | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/ - Mailing List, Third Party Advisory |
07 Nov 2023, 03:47
Type | Values Removed | Values Added |
---|---|---|
References | | |
05 Jan 2023, 17:44
Type | Values Removed | Values Added |
---|---|---|
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Oct/28 - Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Oct/41 - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202212-01 - Third Party Advisory |
19 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
04 Nov 2022, 02:36
Type | Values Removed | Values Added |
---|---|---|
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Oct/41 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213488 - Third Party Advisory | |
First Time | Apple macos, Apple | |
CPE | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
30 Oct 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
25 Oct 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
16 Sep 2022, 19:51
Type | Values Removed | Values Added |
---|---|---|
First Time | Netapp h410s Firmware, Netapp element Software, Fedoraproject, Fedoraproject fedora, Netapp bootstrap Os, Netapp h300s Firmware, Netapp h700s Firmware, Debian, Netapp h500s Firmware, Netapp clustered Data Ontap, Netapp h500s, Netapp h700s, Netapp h300s, Netapp solidfire, Debian debian Linux, Netapp h410s, Netapp hci Management Node, Netapp, Netapp hci Compute Node | |
CPE | cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* |
|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5197 - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220915-0003/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/ - Mailing List, Third Party Advisory |
15 Sep 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
02 Aug 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
15 Jul 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
14 Jul 2022, 17:38
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-276 | |
CPE | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : 7.5 v3 : 9.8 |
References | (MISC) https://hackerone.com/reports/1573634 - Exploit, Third Party Advisory | |
First Time | Haxx curl, Haxx |
07 Jul 2022, 13:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-07 13:15
Updated : 2024-03-27 15:00
NVD link : CVE-2022-32207
Mitre link : CVE-2022-32207
CVE.ORG link : CVE-2022-32207
Products Affected
netapp
- h700s_firmware
- element_software
- hci_management_node
- clustered_data_ontap
- hci_compute_node
- h700s
- h300s_firmware
- bootstrap_os
- h300s
- h500s
- h410s
- h410s_firmware
- solidfire
- h500s_firmware
debian
- debian_linux
splunk
- universal_forwarder
apple
- macos
fedoraproject
- fedora
haxx
- curl