QwikSec

Security Database

CVE

CWE

Training

CVE-2022-32207

Published: Jul 7, 2022

Modified: Apr 23, 2025

PUBLISHED

Description

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.

Vendor	Product	Versions
n/a	https://github.com/curl/curl	affected `Fixed in 7.84.0`

Weaknesses (CWE)

References

https://hackerone.com/reports/1573634

FEDORA-2022-1b3d7f6973

vendor-advisory

vendor-advisory

https://security.netapp.com/advisory/ntap-20220915-0003/

https://support.apple.com/kb/HT213488

20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13

mailing-list

20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13

mailing-list

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.