An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
References
Link | Resource |
---|---|
https://hackerone.com/reports/1543773 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202212-01 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220609-0008/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5197 | Third Party Advisory |
https://hackerone.com/reports/1543773 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202212-01 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220609-0008/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5197 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
|
History
No history.
Information
Published : 2022-06-02 14:15
Updated : 2024-11-21 06:56
NVD link : CVE-2022-27774
Mitre link : CVE-2022-27774
CVE.ORG link : CVE-2022-27774
JSON object : View
Products Affected
netapp
- hci_bootstrap_os
- h500s_firmware
- h700s
- h410s
- hci_compute_node
- h410s_firmware
- h500s
- solidfire_\&_hci_management_node
- h700s_firmware
- clustered_data_ontap
- h300s
- solidfire_\&_hci_storage_node
- h300s_firmware
debian
- debian_linux
splunk
- universal_forwarder
brocade
- fabric_operating_system
haxx
- curl
CWE
CWE-522
Insufficiently Protected Credentials