Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-27776HistoryJun 02, 2022 - 2:15 p.m.
CVE-2022-27776
2022-06-0214:15:00
Debian Security Bug Tracker
security-tracker.debian.org
36
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.4%
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | curl | <ย 7.83.0-1 | curl_7.83.0-1_all.deb |
| Debian | 11 | all | curl | <ย 7.74.0-1.3+deb11u2 | curl_7.74.0-1.3+deb11u2_all.deb |
| Debian | 10 | all | curl | <ย 7.64.0-4+deb10u3 | curl_7.64.0-4+deb10u3_all.deb |
| Debian | 999 | all | curl | <ย 7.83.0-1 | curl_7.83.0-1_all.deb |
| Debian | 13 | all | curl | <ย 7.83.0-1 | curl_7.83.0-1_all.deb |
Related
hackerone
hackerone
curl: Credential leak on redirect
2022-05-13 11:31:21
Internet Bug Bounty: CVE-2022-27776: Auth/cookie leak on redirect
2022-04-27 07:10:47
curl: CVE-2022-27776: Auth/cookie leak on redirect
2022-04-21 15:20:43
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality due to CVE-2022-27776
2022-11-04 18:06:17
veracode
veracode
Information Disclosure
2022-04-30 16:23:48
alpinelinux
alpinelinux
CVE-2022-27776
2022-06-02 14:15:00
redhatcve
redhatcve
CVE-2022-27776
2022-04-27 06:55:50
osv
osv
CVE-2022-27776
2022-06-02 14:15:43
Change in port should be considered a change in origin
2022-06-21 20:07:16
CURLOPT_HTTPAUTH option not cleared on change of origin
2022-06-21 16:57:10
ubuntucve
ubuntucve
CVE-2022-27776
2022-04-27 00:00:00
prion
prion
Design/Logic Flaw
2022-06-02 14:15:00
cve
cve
CVE-2022-27776
2022-06-02 14:15:00
mscve
mscve
cbl_mariner
cbl_mariner
CVE-2022-27776 affecting package curl 7.76.0-9
2022-05-12 02:16:39
rubygems
rubygems
Authorization header leak on port redirect in mechanize
2022-06-08 21:00:00
nessus
nessus
FreeBSD : mediawiki -- multiple vulnerabilities (5ab54ea0-fa94-11ec-996c-080027b24e86)
2022-07-03 00:00:00
SUSE SLES12 Security Update : curl (SUSE-SU-2022:1680-1)
2022-05-17 00:00:00
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2022:1657-1)
2022-05-14 00:00:00
github
github
CURLOPT_HTTPAUTH option not cleared on change of origin
2022-06-21 16:57:10
Change in port should be considered a change in origin
2022-06-21 20:07:16
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2022-05-16 00:00:00
cURL -- Multiple vulnerabilities
2022-04-27 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:1680-1)
2022-05-17 00:00:00
Fedora: Security Advisory for mediawiki (FEDORA-2022-bca2c95559)
2022-09-13 00:00:00
openSUSE: Security Advisory for curl (SUSE-SU-2022:1657-1)
2022-05-17 00:00:00
suse
suse
Security update for curl (moderate)
2022-05-13 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: mediawiki-1.38.2-1.fc37
2022-09-12 17:57:50
[SECURITY] Fedora 36 Update: curl-7.82.0-4.fc36
2022-05-07 05:15:01
[SECURITY] Fedora 35 Update: curl-7.79.1-4.fc35
2022-05-18 01:11:50
cloudfoundry
cloudfoundry
USN-5397-1: curl vulnerabilities | Cloud Foundry
2022-05-23 00:00:00
rocky
rocky
curl security update
2022-06-28 10:52:02
redos
redos
ROS-20220516-09
2022-05-16 00:00:00
almalinux
almalinux
Moderate: curl security update
2022-06-30 00:00:00
slackware
slackware
[slackware-security] curl
2022-04-27 21:48:34
redhat
redhat
(RHSA-2022:5313) Moderate: curl security update
2022-06-28 10:52:02
(RHSA-2022:5245) Moderate: curl security update
2022-06-28 08:27:15
amazon
amazon
Medium: curl
2022-05-04 01:01:00
Medium: curl
2022-12-01 17:33:00
oraclelinux
oraclelinux
curl security update
2022-06-30 00:00:00
curl security update
2022-06-30 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2022-04-28 00:00:00
mageia
mageia
Updated curl packages fix security vulnerability
2022-05-02 22:44:52
rosalinux
rosalinux
Advisory ROSA-SA-2023-2220
2023-08-22 13:18:19
photon
photon
Important Photon OS Security Update - PHSA-2022-0205
2022-06-27 00:00:00
Important Photon OS Security Update - PHSA-2022-0486
2022-06-19 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0205
2022-06-27 00:00:00
debian
debian
[SECURITY] [DLA 3085-1] curl security update
2022-08-28 23:00:51
[SECURITY] [DSA 5197-1] curl security update
2022-08-01 16:58:44
gentoo
gentoo
curl: Multiple Vulnerabilities
2022-12-19 00:00:00
mskb
mskb
July 12, 2022โKB5015814 (OS Build 22000.795)
2022-07-12 07:00:00
July 12, 2022โKB5015811 (OS Build 17763.3165)
2022-07-12 07:00:00
July 12, 2022โKB5015827 (OS Build 20348.825)
2022-07-12 07:00:00
kaspersky
kaspersky
KLA12580 Multiple vulnerabilities in Microsoft Windows
2022-07-12 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - July 2022
2022-07-12 19:40:15
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.4%
Related for DEBIANCVE:CVE-2022-27776