Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-11053

Опубликовано: 11 дек. 2024
Источник: nvd
CVSS3: 3.4
EPSS Низкий

Описание

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Версия от 7.76.0 (включая) до 8.11.1 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
Конфигурация 7

Одновременно

cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
Конфигурация 8

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
Конфигурация 9

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
Конфигурация 10

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

EPSS

Процентиль: 56%
0.00337
Низкий

3.4 Low

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2024-11053

CVSS3: 3.4
ubuntu
около 1 года назад

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

redhat логотип

CVE-2024-11053

CVSS3: 5.9
redhat
около 1 года назад

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

msrc логотип

CVE-2024-11053

CVSS3: 3.4
msrc
11 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-11053

CVSS3: 3.4
debian
около 1 года назад

When asked to both use a `.netrc` file for credentials and to follow H ...

suse-cvrf логотип

SUSE-SU-2024:4359-1

suse-cvrf
около 1 года назад

Security update for curl

EPSS

Процентиль: 56%
0.00337
Низкий

3.4 Low

CVSS3

Дефекты

NVD-CWE-noinfo