An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
References
Link | Resource |
---|---|
https://hackerone.com/reports/1543773 | Exploit Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220609-0008/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5197 | Third Party Advisory |
https://security.gentoo.org/glsa/202212-01 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Information
Published : 2022-06-02 07:15
Updated : 2023-02-23 09:59
NVD link : CVE-2022-27774
Mitre link : CVE-2022-27774
JSON object : View
CWE
CWE-522
Insufficiently Protected Credentials
Products Affected
netapp
- hci_compute_node
- clustered_data_ontap
- h300s
- h500s
- h410s
- solidfire_\&_hci_storage_node
- solidfire_\&_hci_management_node
- h500s_firmware
- h700s
- hci_bootstrap_os
- h410s_firmware
- h700s_firmware
- h300s_firmware
haxx
- curl
brocade
- fabric_operating_system
debian
- debian_linux