Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-30115

Опубликовано: 02 июн. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4
CVSS3: 4.3

Описание

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and not using thetrailing dot in the URL.

РелизСтатусПримечание
bionic

not-affected

code not present
devel

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

code not present
esm-infra/focal

not-affected

code not present
esm-infra/xenial

not-affected

code not present
focal

not-affected

code not present
impish

not-affected

code not present
jammy

not-affected

code not present
trusty/esm

not-affected

code not present

Показывать по

Ссылки на источники

EPSS

Процентиль: 30%
0.0011
Низкий

4 Medium

CVSS2

4.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-30115

CVSS3: 5.3
redhat
около 3 лет назад

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.

nvd логотип

CVE-2022-30115

CVSS3: 4.3
nvd
около 3 лет назад

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.

msrc логотип

CVE-2022-30115

CVSS3: 4.3
msrc
около 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-30115

CVSS3: 4.3
debian
около 3 лет назад

Using its HSTS support, curl can be instructed to use HTTPS directly i ...

github логотип

GHSA-p8vh-85vc-66x9

CVSS3: 4.3
github
около 3 лет назад

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.

EPSS

Процентиль: 30%
0.0011
Низкий

4 Medium

CVSS2

4.3 Medium

CVSS3