Lucene search
HackeroneCVELIST:CVE-2021-22923HistoryAug 05, 2021 - 12:00 a.m.
CVE-2021-22923
2021-08-0500:00:00
CWE-319
hackerone
www.cve.org
2
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the userโs expectations and intentions and without telling the user it happened.
CNA Affected
[
{
"vendor": "n/a",
"product": "https://github.com/curl/curl",
"versions": [
{
"version": "curl 7.27.0 to and including 7.77.0",
"status": "affected"
}
]
}
]References
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
hackerone.com/reports/1213181
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
security.gentoo.org/glsa/202212-01
security.netapp.com/advisory/ntap-20210902-0003/
www.oracle.com/security-alerts/cpuoct2021.html
Related
cve
cve
CVE-2021-22923
2021-08-05 21:15:11
nvd
nvd
CVE-2021-22923
2021-08-05 21:15:11
debiancve
debiancve
CVE-2021-22923
2021-08-05 21:15:11
cbl_mariner
cbl_mariner
CVE-2021-22923 affecting package curl for versions less than 7.76.0-5
2022-04-09 06:51:45
CVE-2021-22923 affecting package curl 7.76.0-9
2021-08-11 06:39:26
redhatcve
redhatcve
CVE-2021-22923
2021-07-21 09:20:09
veracode
veracode
Information Disclosure
2021-07-22 05:01:40
osv
osv
CVE-2021-22923
2021-08-05 21:15:11
Moderate: curl security update
2021-09-21 07:12:18
alpinelinux
alpinelinux
CVE-2021-22923
2021-08-05 21:15:11
prion
prion
Default credentials
2021-08-05 21:15:00
f5
f5
K54308152 : cURL vulnerability CVE-2021-22923
2021-08-03 00:00:00
ubuntucve
ubuntucve
CVE-2021-22923
2021-07-21 00:00:00
hackerone
hackerone
curl: CVE-2021-22923: Metalink download sends credentials
2021-05-30 21:32:16
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2627)
2021-11-03 00:00:00
openSUSE: Security Advisory for curl (openSUSE-SU-2021:1088-1)
2021-07-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2462-1)
2021-07-24 00:00:00
nessus
nessus
EulerOS 2.0 SP8 : curl (EulerOS-SA-2021-2627)
2021-11-02 00:00:00
RHEL 8 : curl (RHSA-2021:3903)
2021-10-20 00:00:00
CentOS 8 : curl (CESA-2021:3582)
2021-09-22 00:00:00
redhat
redhat
(RHSA-2021:3903) Moderate: curl security update
2021-10-19 06:26:14
(RHSA-2021:3582) Moderate: curl security update
2021-09-21 07:12:18
almalinux
almalinux
Moderate: curl security update
2021-09-21 07:12:18
oraclelinux
oraclelinux
curl security update
2021-09-21 00:00:00
rocky
rocky
curl security update
2021-09-21 07:12:18
photon
photon
Moderate Photon OS Security Update - PHSA-2021-0273
2021-07-24 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0069
2021-07-25 00:00:00
Moderate Photon OS Security Update - PHSA-2021-3.0-0273
2021-07-24 00:00:00
suse
suse
Security update for curl (moderate)
2021-07-21 00:00:00
Security update for curl (moderate)
2021-07-24 00:00:00
mageia
mageia
Updated curl packages fix security vulnerabilities
2021-07-27 23:21:53
slackware
slackware
[slackware-security] curl
2021-07-21 18:22:03
fedora
fedora
[SECURITY] Fedora 33 Update: curl-7.71.1-10.fc33
2021-08-07 01:14:48
[SECURITY] Fedora 34 Update: curl-7.76.1-7.fc34
2021-07-23 01:06:01
[SECURITY] Fedora 34 Update: curl-7.76.1-12.fc34
2021-09-21 15:33:29
amazon
amazon
Medium: curl
2021-09-08 23:35:00
archlinux
archlinux
[ASA-202107-59] curl: multiple issues
2021-07-21 00:00:00
freebsd
freebsd
cURL -- Multiple vulnerabilities
2021-07-21 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC
2021-11-01 20:13:42
gentoo
gentoo
curl: Multiple Vulnerabilities
2022-12-19 00:00:00
ics
ics
Siemens SINEC INS
2022-03-10 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
avleonov
avleonov