Lucene search
MitreCVELIST:CVE-2019-15052HistoryAug 14, 2019 - 7:38 p.m.
CVE-2019-15052
2019-08-1419:38:41
mitre
www.cve.org
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
77.9%
The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.
Related
nvd
nvd
CVE-2019-15052
2019-08-14 20:15:11
CVE-2018-1000007
2018-01-24 22:29:00
CVE-2021-31879
2021-04-29 05:15:08
ubuntucve
ubuntucve
CVE-2019-15052
2019-08-14 00:00:00
CVE-2018-1000007
2018-01-24 00:00:00
CVE-2021-27023
2021-11-18 00:00:00
prion
prion
Design/Logic Flaw
2019-08-14 20:15:00
Authentication flaw
2018-01-24 22:29:00
Heap overflow
2021-11-18 15:15:00
cve
cve
CVE-2019-15052
2019-08-14 20:15:11
CVE-2018-1000007
2018-01-24 22:29:00
CVE-2021-31879
2021-04-29 05:15:08
debiancve
debiancve
CVE-2019-15052
2019-08-14 20:15:11
CVE-2018-1000007
2018-01-24 22:29:00
CVE-2021-31879
2021-04-29 05:15:08
osv
osv
CVE-2019-15052
2019-08-14 20:15:11
curl - security update
2018-01-29 00:00:00
CVE-2018-1000007
2018-01-24 22:29:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle, gradle-bootstrap (SUSE-SU-2024:1119-1)
2024-04-08 00:00:00
Debian DLA-1263-1 : curl security update
2018-01-30 00:00:00
SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:0217-1)
2018-01-25 00:00:00
redhatcve
redhatcve
CVE-2019-15052
2019-09-27 14:20:58
CVE-2018-1000007
2018-01-24 08:19:31
ubuntu
ubuntu
curl vulnerability
2018-02-01 00:00:00
curl vulnerabilities
2018-01-31 00:00:00
freebsd
freebsd
cURL -- Multiple vulnerabilities
2018-01-24 00:00:00
puppet -- Unsafe HTTP Redirect
2021-11-09 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:25:18
openvas
openvas
Ubuntu: Security Advisory (USN-3554-2)
2022-08-26 00:00:00
Debian: Security Advisory (DLA-1263-1)
2018-01-30 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0217-1)
2021-04-19 00:00:00
hackerone
hackerone
curl: Proxy-Authorization header carried to a new host on a redirect
2021-01-25 02:37:39
cvelist
cvelist
CVE-2018-1000007
2018-01-24 22:00:00
CVE-2021-31879
2021-04-29 03:03:15
CVE-2021-27023
2021-11-18 14:33:18
ibm
ibm
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in cURL (CVE-2018-1000007)
2023-12-07 22:31:02
symantec
symantec
cURL/libcURL CVE-2018-1000007 Information Disclosure Vulnerability
2018-01-24 00:00:00
debian
debian
[SECURITY] [DLA 1263-1] curl security update
2018-01-29 21:39:06
[SECURITY] [DSA 4098-1] curl security update
2018-01-26 09:59:00
rubygems
rubygems
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
2021-12-01 21:00:00
amazon
amazon
Important: curl
2018-02-20 20:57:00
Important: curl
2018-02-07 18:08:00
Medium: nss-pem
2019-01-07 21:51:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.58.0-alt1
2018-01-24 00:00:00
github
github
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
2021-12-02 17:52:45
Potential leak of authentication data to 3rd parties
2023-04-27 14:02:11
cloudfoundry
cloudfoundry
USN-3554-1: curl vulnerabilities | Cloud Foundry
2018-03-01 00:00:00
alpinelinux
alpinelinux
CVE-2021-31879
2021-04-29 05:15:00
archlinux
archlinux
[ASA-201801-26] lib32-libcurl-compat: multiple issues
2018-01-29 00:00:00
[ASA-201801-23] libcurl-compat: multiple issues
2018-01-29 00:00:00
[ASA-201801-22] lib32-curl: multiple issues
2018-01-29 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: curl-7.53.1-14.fc26
2018-01-30 17:34:43
[SECURITY] Fedora 27 Update: curl-7.55.1-9.fc27
2018-01-30 18:12:27
[SECURITY] Fedora 27 Update: curl-7.55.1-11.fc27
2018-05-23 16:00:01
slackware
slackware
[slackware-security] curl
2018-01-25 02:28:38
rosalinux
rosalinux
Advisory ROSA-SA-2021-1996
2021-07-02 18:19:54
gentoo
gentoo
cURL: Multiple vulnerabilities
2018-04-08 00:00:00
photon
photon
redhat
redhat
(RHSA-2020:0544) Moderate: curl security update
2020-02-18 13:56:21
(RHSA-2018:3157) Moderate: curl and nss-pem security and bug fix update
2018-10-30 04:24:21
(RHSA-2020:0594) Moderate: curl security update
2020-02-25 11:32:48
oraclelinux
oraclelinux
curl and nss-pem security and bug fix update
2018-11-05 00:00:00
centos
centos
curl, libcurl, nss security update
2018-11-15 18:44:09
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
77.9%
Related for CVELIST:CVE-2019-15052