Lucene search

K
cve[email protected]CVE-2022-27774
HistoryJun 02, 2022 - 2:15 p.m.

CVE-2022-27774

2022-06-0214:15:43
CWE-522
web.nvd.nist.gov
206
8
cve
2022
27774
curl
vulnerability
credentials
http
https
nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.5%

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

Affected configurations

NVD
Node
haxxcurlRange4.9–7.82.0
Node
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
Node
netapphci_compute_nodeMatch-
AND
netapphci_bootstrap_osMatch-
Node
netappclustered_data_ontapMatch-
OR
netappsolidfire_\&_hci_management_nodeMatch-
OR
netappsolidfire_\&_hci_storage_nodeMatch-
OR
brocadefabric_operating_systemMatch-
Node
netapph300sMatch-
AND
netapph300s_firmwareMatch-
Node
netapph500sMatch-
AND
netapph500s_firmwareMatch-
Node
netapph700sMatch-
AND
netapph700s_firmwareMatch-
Node
netapph410sMatch-
AND
netapph410s_firmwareMatch-
Node
splunkuniversal_forwarderRange8.2.0–8.2.12
OR
splunkuniversal_forwarderRange9.0.0–9.0.6
OR
splunkuniversal_forwarderMatch9.1.0
CPENameOperatorVersion
haxx:curlhaxx curlle7.82.0

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "https://github.com/curl/curl",
    "versions": [
      {
        "version": "curl 4.9 to and include curl 7.82.0 are affected",
        "status": "affected"
      }
    ]
  }
]

Social References

More

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.5%