5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
8.5%
curl is vulnerable to Authentication Bypass. The vulnerability exists because the SSH connection is too eager to reuse still since it keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup
curl.se/docs/CVE-2023-27538.html
github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb
github.com/curl/curl/pull/10735
hackerone.com/reports/1898475
lists.debian.org/debian-lts-announce/2023/04/msg00025.html
lists.fedoraproject.org/archives/list/[email protected]/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
security.gentoo.org/glsa/202310-12
security.netapp.com/advisory/ntap-20230420-0010/
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
8.5%