Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-23914

Опубликовано: 23 фев. 2023
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS3: 9.1

Описание

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.

РелизСтатусПримечание
bionic

not-affected

code not present
devel

released

7.87.0-2ubuntu1
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

code not present
esm-infra/focal

not-affected

code not present
esm-infra/xenial

not-affected

code not present
focal

not-affected

code not present
jammy

released

7.81.0-1ubuntu1.8
kinetic

released

7.85.0-1ubuntu0.3
lunar

released

7.87.0-2ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 30%
0.00109
Низкий

9.1 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-23914

CVSS3: 6.5
redhat
больше 2 лет назад

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.

nvd логотип

CVE-2023-23914

CVSS3: 9.1
nvd
больше 2 лет назад

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.

msrc логотип

CVE-2023-23914

CVSS3: 9.1
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-23914

CVSS3: 9.1
debian
больше 2 лет назад

A cleartext transmission of sensitive information vulnerability exists ...

redos логотип

ROS-20230417-05

CVSS3: 9.1
redos
около 2 лет назад

Уязвимость curl

EPSS

Процентиль: 30%
0.00109
Низкий

9.1 Critical

CVSS3