CVE-2022-27776

Published: Jun 1, 2022

Modified: Nov 20, 2024

PUBLISHED

Description

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

Vendor	Product	Versions
n/a	https://github.com/curl/curl	affected `fixed in curl 7.83.0`

Weaknesses (CWE)

CWE-522

References

https://hackerone.com/reports/1547048

https://security.netapp.com/advisory/ntap-20220609-0008/

DSA-5197

vendor-advisory

[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update

mailing-list

FEDORA-2022-f83aec6d57

vendor-advisory

FEDORA-2022-bca2c95559

vendor-advisory

GLSA-202212-01

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-27776

Description

Affected Products

Weaknesses (CWE)

References