Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-27774
HistoryJun 02, 2022 - 2:15 p.m.

CVE-2022-27774

2022-06-0214:15:43
Debian Security Bug Tracker
security-tracker.debian.org
24

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

58.5%

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

OSVersionArchitecturePackageVersionFilename
Debian12allcurl< 7.83.0-1curl_7.83.0-1_all.deb
Debian11allcurl< 7.74.0-1.3+deb11u2curl_7.74.0-1.3+deb11u2_all.deb
Debian999allcurl< 7.83.0-1curl_7.83.0-1_all.deb
Debian13allcurl< 7.83.0-1curl_7.83.0-1_all.deb

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

58.5%