QwikSec

Security Database

CVE

CWE

Training

CVE-2022-27774

Published: Jun 1, 2022

Modified: May 27, 2026

PUBLISHED

Description

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

Vendor	Product	Versions
n/a	https://github.com/curl/curl	affected `curl 4.9 to and include curl 7.82.0 are affected`

Weaknesses (CWE)

References

https://hackerone.com/reports/1543773

https://security.netapp.com/advisory/ntap-20220609-0008/

vendor-advisory

vendor-advisory

[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.