CVE-2022-27774

Name
CVE-2022-27774
Description
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://hackerone.com/reports/1543773
CONFIRM https://security.netapp.com/advisory/ntap-20220609-0008/
DEBIAN https://www.debian.org/security/2022/dsa-5197
Third Party Advisory https://security.gentoo.org/glsa/202212-01
Mailing List https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* curl >= 4.9 <= 7.82.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
curl 3.12-main 7.79.1-r1 Natanael Copa <ncopa@alpinelinux.org> fixed