Описание
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. This issue leads to an authentication bypass, either by mistake or by a malicious actor.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| .NET Core 3.1 on Red Hat Enterprise Linux | rh-dotnet31-curl | Out of support scope | ||
| Red Hat Enterprise Linux 6 | curl | Not affected | ||
| Red Hat Enterprise Linux 7 | curl | Not affected | ||
| Red Hat JBoss Core Services | curl | Not affected | ||
| Red Hat Software Collections | httpd24-curl | Will not fix | ||
| Red Hat Enterprise Linux 8 | curl | Fixed | RHSA-2022:5313 | 30.06.2022 |
| Red Hat Enterprise Linux 9 | curl | Fixed | RHSA-2022:5245 | 01.07.2022 |
| Red Hat Enterprise Linux 9 | curl | Fixed | RHSA-2022:5245 | 01.07.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
An improper authentication vulnerability exists in curl 7.33.0 to and ...
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
EPSS
8.1 High
CVSS3