Lucene search

K
cvelistHackeroneCVELIST:CVE-2023-27536
HistoryMar 30, 2023 - 12:00 a.m.

CVE-2023-27536

2023-03-3000:00:00
CWE-305
hackerone
www.cve.org
authentication bypass
vulnerability
libcurl
connection reuse
unauthorized access
sensitive information

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.1%

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "https://github.com/curl/curl",
    "versions": [
      {
        "version": "Fixed in 8.0.0",
        "status": "affected"
      }
    ]
  }
]