A vulnerability was found in curl. This security flaw allows leaking credentials to other servers when it follows redirects from auth-protected HTTP(S) URLs to other protocols and port numbers.

References

bugzilla.redhat.com/show_bug.cgi?id=2077547

curl.se/docs/CVE-2022-27774.html

nvd.nist.gov/vuln/detail/CVE-2022-27774

www.cve.org/CVERecord?id=CVE-2022-27774

hackerone 4

cve 1

ubuntucve 1

alpinelinux 1

cbl_mariner 1

prion 1

veracode 1

ibm 18

osv 6

debiancve 1

nessus 36

debian 4

photon 5

openvas 23

oraclelinux 2

redhat 16

mageia 1

freebsd 1

cloudfoundry 1

rocky 1

slackware 1

amazon 2

fedora 3

ubuntu 1

redos 1

almalinux 1

rosalinux 1

gentoo 1

tenable 1

ics 1

hackerone

curl: CVE-2022-27774: Credential leak on redirect

2022-04-18 19:36:47

Internet Bug Bounty: CVE-2022-27774: Credential leak on redirect

2022-04-27 07:04:13

curl: CVE-2022-27776: Auth/cookie leak on redirect

2022-04-21 15:20:43

cve

CVE-2022-27774

2022-06-02 14:15:00

ubuntucve

CVE-2022-27774

2022-04-27 00:00:00

alpinelinux

CVE-2022-27774

2022-06-02 14:15:00

cbl_mariner

CVE-2022-27774 affecting package curl 7.76.0-9

2022-05-12 02:16:39

prion

Design/Logic Flaw

2022-06-02 14:15:00

veracode

Information Disclosure

2022-04-30 16:23:47

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality due to CVE-2022-27774

2022-11-04 18:04:36

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to credential exposure in cURL libcurl (CVE-2022-27774)

2023-01-12 21:59:00

Security Bulletin: IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint has addressed multiple security vulnerabilities (CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)

2023-02-02 16:36:32

osv

CVE-2022-27774

2022-06-02 14:15:43

curl vulnerabilities

2022-04-28 18:23:23

Moderate: curl security update

2022-06-30 00:00:00

debiancve

CVE-2022-27774

2022-06-02 14:15:00

nessus

Debian DSA-5365-1 : curl - security update

2023-03-01 00:00:00

Amazon Linux 2022 : (ALAS2022-2022-055)

2022-09-06 00:00:00

AlmaLinux 9 : curl (ALSA-2022:5245)

2022-11-16 00:00:00

debian

[SECURITY] [DSA 5365-1] curl security update

2023-02-27 22:00:09

[SECURITY] [DSA 5330-1] curl security update

2023-01-27 17:53:54

[SECURITY] [DLA 3288-1] curl security update

2023-01-28 21:19:47

photon

Moderate Photon OS Security Update - PHSA-2022-0176

2022-04-30 00:00:00

Moderate Photon OS Security Update - PHSA-2022-0388

2022-04-30 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0388

2022-05-01 00:00:00

openvas

Debian: Security Advisory (DSA-5365-1)

2023-03-02 00:00:00

Debian: Security Advisory (DSA-5330-1)

2023-01-30 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2377)

2022-09-26 00:00:00

oraclelinux

curl security update

2022-06-30 00:00:00

curl security update

2022-06-30 00:00:00

redhat

(RHSA-2022:5245) Moderate: curl security update

2022-06-28 08:27:15

(RHSA-2022:5313) Moderate: curl security update

2022-06-28 10:52:02

(RHSA-2022:5699) Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.0.1 security update

2022-07-28 14:39:39

mageia

Updated curl packages fix security vulnerability

2022-05-02 22:44:52

freebsd

cURL -- Multiple vulnerabilities

2022-04-27 00:00:00

cloudfoundry

USN-5397-1: curl vulnerabilities | Cloud Foundry

2022-05-23 00:00:00

rocky

curl security update

2022-06-28 10:52:02

slackware

[slackware-security] curl

2022-04-27 21:48:34

amazon

Medium: curl

2022-05-04 01:01:00

Medium: curl

2022-12-01 17:33:00

fedora

[SECURITY] Fedora 36 Update: curl-7.82.0-4.fc36

2022-05-07 05:15:01

[SECURITY] Fedora 35 Update: curl-7.79.1-4.fc35

2022-05-18 01:11:50

[SECURITY] Fedora 34 Update: curl-7.76.1-16.fc34

2022-05-24 01:41:08

ubuntu

curl vulnerabilities

2022-04-28 00:00:00

redos

ROS-20220516-09

2022-05-16 00:00:00

almalinux

Moderate: curl security update

2022-06-30 00:00:00

rosalinux

Advisory ROSA-SA-2023-2220

2023-08-22 13:18:19

gentoo

curl: Multiple Vulnerabilities

2022-12-19 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.0%

JSON

Related for RH:CVE-2022-27774