An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
References
Link | Resource |
---|---|
https://hackerone.com/reports/1526328 | Exploit Issue Tracking Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220609-0008/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5197 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202212-01 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Information
Published : 2022-05-26 10:15
Updated : 2023-01-05 10:10
NVD link : CVE-2022-22576
Mitre link : CVE-2022-22576
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
netapp
- hci_compute_node
- clustered_data_ontap
- h300s
- h500s
- h410s
- solidfire_\&_hci_storage_node
- solidfire_\&_hci_management_node
- h500s_firmware
- h700s
- h410s_firmware
- bootstrap_os
- h700s_firmware
- h300s_firmware
haxx
- curl
brocade
- fabric_operating_system
debian
- debian_linux