Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-11053

Опубликовано: 11 дек. 2024
Источник: nvd
CVSS3: 3.4
EPSS Низкий

Описание

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Версия от 7.76.0 (включая) до 8.11.1 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
Конфигурация 7

Одновременно

cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
Конфигурация 8

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
Конфигурация 9

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
Конфигурация 10

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

EPSS

Процентиль: 56%
0.00338
Низкий

3.4 Low

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2024-11053

CVSS3: 3.4
ubuntu
11 месяцев назад

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

redhat логотип

CVE-2024-11053

CVSS3: 5.9
redhat
11 месяцев назад

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

msrc логотип

CVE-2024-11053

CVSS3: 3.4
msrc
10 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-11053

CVSS3: 3.4
debian
11 месяцев назад

When asked to both use a `.netrc` file for credentials and to follow H ...

suse-cvrf логотип

SUSE-SU-2024:4359-1

suse-cvrf
11 месяцев назад

Security update for curl

EPSS

Процентиль: 56%
0.00338
Низкий

3.4 Low

CVSS3

Дефекты

NVD-CWE-noinfo