CVE-2022-27776

Published: 27 Apr 2022
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

A vulnerability was found in curl. This security flaw allows authentication or cookie header data to leak on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom Authorization: or Cookie: headers. Those headers often contain privacy-sensitive information or data.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| .NET Core 3.1 on Red Hat Enterprise Linux | rh-dotnet31-curl | Out of support scope | | |
| Red Hat Enterprise Linux 6 | curl | Out of support scope | | |
| Red Hat Enterprise Linux 7 | curl | Out of support scope | | |
| Red Hat JBoss Core Services | curl | Not affected | | |
| Red Hat Software Collections | httpd24-curl | Will not fix | | |
| Red Hat Enterprise Linux 8 | curl | Fixed | RHSA-2022:5313 | 30.06.2022 |
| Red Hat Enterprise Linux 9 | curl | Fixed | RHSA-2022:5245 | 01.07.2022 |

Additional information

Status: Moderate
Defect: CWE-522
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2078408 (curl: auth/cookie leak on redirect)

EPSS

Percentile: 67%
0.00557
Low

CVSS3: 4.3 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 3 years ago

An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

CVSS3: 6.5
nvd
about 3 years ago

An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

msrc
almost 3 years ago

HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data

CVSS3: 6.5
debian
about 3 years ago

An insufficiently protected credentials vulnerability, fixed in curl ...

CVSS3: 6.5
github
about 3 years ago

An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.