Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-8169

Опубликовано: 24 июн. 2020
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

A flaw was found in libcurl. A part of a password may be prepended to the host name before the host name is resolved, leading to a leak of the partial password over the network and to DNS servers. This highest threat from this vulnerability is to data confidentiality.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
.NET Core 2.1 on Red Hat Enterprise Linuxrh-dotnet21-curlNot affected
.NET Core 3.1 on Red Hat Enterprise Linuxrh-dotnet31-curlNot affected
Red Hat Ceph Storage 2curlOut of support scope
Red Hat Enterprise Linux 5curlNot affected
Red Hat Enterprise Linux 6curlNot affected
Red Hat Enterprise Linux 7curlNot affected
Red Hat Enterprise Linux 8curlNot affected
Red Hat Software Collectionshttpd24-curlNot affected
JBoss Core Services Apache HTTP Server 2.4.37 SP8jbcs-httpd24-curlFixedRHSA-2021:247117.06.2021
JBoss Core Services for RHEL 8jbcs-httpd24FixedRHSA-2021:247217.06.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1847916libcurl: partial password leak over DNS on HTTP redirect

EPSS

Процентиль: 17%
0.00053
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-8169

CVSS3: 7.5
ubuntu
около 5 лет назад

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

nvd логотип

CVE-2020-8169

CVSS3: 7.5
nvd
около 5 лет назад

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

msrc логотип

CVE-2020-8169

CVSS3: 7.5
msrc
около 5 лет назад

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

debian логотип

CVE-2020-8169

CVSS3: 7.5
debian
около 5 лет назад

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure ...

github логотип

GHSA-whwh-vhp2-pj62

CVSS3: 7.5
github
больше 3 лет назад

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

EPSS

Процентиль: 17%
0.00053
Низкий

5.9 Medium

CVSS3