CVE-2022-27776

Опубликовано: 02 июн. 2022

Источник: debian

EPSS Низкий

Описание

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
curl	fixed	7.83.0-1		package

Примечания

https://curl.se/docs/CVE-2022-27776.html
Fixed by: https://github.com/curl/curl/commit/6e659993952aa5f90f48864be84a1bbb047fc258 (curl-7_83_0)

EPSS

Процентиль: 70%

0.00647

Низкий

Связанные уязвимости

CVE-2022-27776

CVSS3: 6.5

ubuntu

около 3 лет назад

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

CVE-2022-27776

CVSS3: 4.3

redhat

больше 3 лет назад

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

CVE-2022-27776

CVSS3: 6.5

nvd

около 3 лет назад

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

CVE-2022-27776

msrc

около 3 лет назад

HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data

GHSA-hc85-wpv5-52wh

CVSS3: 6.5

github

около 3 лет назад

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

EPSS

Процентиль: 70%

0.00647

Низкий