Lucene search

K
cvelistHackeroneCVELIST:CVE-2022-32207
HistoryJul 07, 2022 - 12:00 a.m.

CVE-2022-32207

2022-07-0700:00:00
CWE-840
hackerone
www.cve.org
10
curl
atomic operation
file permissions
security vulnerability
cve-2022-32207

AI Score

9.3

Confidence

High

EPSS

0.003

Percentile

69.7%

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "https://github.com/curl/curl",
    "versions": [
      {
        "version": "Fixed in 7.84.0",
        "status": "affected"
      }
    ]
  }
]