Lucene search

K
cve[email protected]CVE-2022-22576
HistoryMay 26, 2022 - 5:15 p.m.

CVE-2022-22576

2022-05-2617:15:09
CWE-306
CWE-287
web.nvd.nist.gov
200
7
cve-2022-22576
improper authentication
vulnerability
curl
oauth2
sasl
smptp
imap
pop3
ldap
openldap

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8

Confidence

High

EPSS

0.002

Percentile

62.2%

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

Affected configurations

NVD
Node
haxxcurlRange7.33.07.83.0
Node
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
Node
netappclustered_data_ontapMatch-
OR
netappsolidfire_\&_hci_management_nodeMatch-
OR
netappsolidfire_\&_hci_storage_nodeMatch-
OR
brocadefabric_operating_systemMatch-
Node
netappbootstrap_osMatch-
AND
netapphci_compute_nodeMatch-
Node
netapph300s_firmwareMatch-
AND
netapph300sMatch-
Node
netapph500s_firmwareMatch-
AND
netapph500sMatch-
Node
netapph700s_firmwareMatch-
AND
netapph700sMatch-
Node
netapph410s_firmwareMatch-
AND
netapph410sMatch-
Node
splunkuniversal_forwarderRange8.2.08.2.12
OR
splunkuniversal_forwarderRange9.0.09.0.6
OR
splunkuniversal_forwarderMatch9.1.0
CPENameOperatorVersion
haxx:curlhaxx curllt7.83.0

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "https://github.com/curl/curl",
    "versions": [
      {
        "version": "Fixed in curl 7.83.0",
        "status": "affected"
      }
    ]
  }
]

Social References

More

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8

Confidence

High

EPSS

0.002

Percentile

62.2%