Home

CVE-2022-27774

Description

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

Risk Information

Base Score
5.7
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.264

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2022-22576,CVE-2022-27774,CVE-2022-27775,CVE-2022-27776 are affected in Curl For Windows 7.82.0Windows
Vulnerabilities CVE-2022-27776,CVE-2022-27775,CVE-2022-27774,CVE-2022-22576 are fixed in Curl For Windows 7.83.0Windows
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.81.0-1ubuntu1.2_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.81.0-1ubuntu1.2_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.58.0-2ubuntu3.17_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.58.0-2ubuntu3.17_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.68.0-1ubuntu2.10_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.68.0-1ubuntu2.10_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.74.0-1.3ubuntu2.1_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.74.0-1.3ubuntu2.1_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.81.0-1ubuntu1.2_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.81.0-1ubuntu1.2_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.58.0-2ubuntu3.17_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.58.0-2ubuntu3.17_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.68.0-1ubuntu2.10_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.68.0-1ubuntu2.10_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.74.0-1.3ubuntu2.1_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.74.0-1.3ubuntu2.1_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.81.0-1ubuntu1.2_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.81.0-1ubuntu1.2_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.58.0-2ubuntu3.17_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.58.0-2ubuntu3.17_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.68.0-1ubuntu2.10_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.68.0-1ubuntu2.10_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.74.0-1.3ubuntu2.1_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.74.0-1.3ubuntu2.1_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.81.0-1ubuntu1.2_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.81.0-1ubuntu1.2_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.58.0-2ubuntu3.17_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.58.0-2ubuntu3.17_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.68.0-1ubuntu2.10_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.68.0-1ubuntu2.10_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.74.0-1.3ubuntu2.1_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.74.0-1.3ubuntu2.1_amd64.debLinux
(RHSA-2022:5313) curl security update curl-7.61.1-22.el8_6.3.x86_64.rpmLinux
(RHSA-2022:5313) curl security update curl-debugsource-7.61.1-22.el8_6.3.i686.rpmLinux
(RHSA-2022:5313) curl security update curl-debugsource-7.61.1-22.el8_6.3.x86_64.rpmLinux
(RHSA-2022:5313) curl security update libcurl-7.61.1-22.el8_6.3.i686.rpmLinux
(RHSA-2022:5313) curl security update libcurl-7.61.1-22.el8_6.3.x86_64.rpmLinux
(RHSA-2022:5313) curl security update libcurl-devel-7.61.1-22.el8_6.3.i686.rpmLinux
(RHSA-2022:5313) curl security update libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpmLinux
(RHSA-2022:5313) curl security update libcurl-minimal-7.61.1-22.el8_6.3.i686.rpmLinux
(RHSA-2022:5313) curl security update libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpmLinux
Curl update (ELSA-2022-5313) curl-7.61.1-22.el8_6.3.x86_64.rpmLinux
Libcurl update (ELSA-2022-5313) libcurl-7.61.1-22.el8_6.3.i686.rpmLinux
Libcurl update (ELSA-2022-5313) libcurl-7.61.1-22.el8_6.3.x86_64.rpmLinux
Libcurl-devel update (ELSA-2022-5313) libcurl-devel-7.61.1-22.el8_6.3.i686.rpmLinux
Libcurl-devel update (ELSA-2022-5313) libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpmLinux
Libcurl-minimal update (ELSA-2022-5313) libcurl-minimal-7.61.1-22.el8_6.3.i686.rpmLinux
Libcurl-minimal update (ELSA-2022-5313) libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpmLinux
curl security update(DSA-5197-1) curl_7.74.0-1.3+deb11u2_amd64.debLinux
curl security update (RLSA-2022:5313) curl-7.61.1-22.el8_6.3.x86_64.rpmLinux
curl security update (RLSA-2022:5313) libcurl-7.61.1-22.el8_6.3.i686.rpmLinux
curl security update (RLSA-2022:5313) libcurl-7.61.1-22.el8_6.3.x86_64.rpmLinux
curl security update (RLSA-2022:5313) libcurl-devel-7.61.1-22.el8_6.3.i686.rpmLinux
curl security update (RLSA-2022:5313) libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpmLinux
curl security update (RLSA-2022:5313) libcurl-minimal-7.61.1-22.el8_6.3.i686.rpmLinux
curl security update (RLSA-2022:5313) libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpmLinux
Curl update (ELSA-2022-5245) curl-7.76.1-14.el9_0.4.x86_64.rpmLinux
Curl-minimal update (ELSA-2022-5245) curl-minimal-7.76.1-14.el9_0.4.x86_64.rpmLinux
Libcurl update (ELSA-2022-5245) libcurl-7.76.1-14.el9_0.4.i686.rpmLinux
Libcurl update (ELSA-2022-5245) libcurl-7.76.1-14.el9_0.4.x86_64.rpmLinux
Libcurl-devel update (ELSA-2022-5245) libcurl-devel-7.76.1-14.el9_0.4.i686.rpmLinux
Libcurl-devel update (ELSA-2022-5245) libcurl-devel-7.76.1-14.el9_0.4.x86_64.rpmLinux
Libcurl-minimal update (ELSA-2022-5245) libcurl-minimal-7.76.1-14.el9_0.4.i686.rpmLinux
Libcurl-minimal update (ELSA-2022-5245) libcurl-minimal-7.76.1-14.el9_0.4.x86_64.rpmLinux
SUSE-SU-2023:2225-1(SUSE Linux Enterprise Server 12 SP5 ) curl-8.0.1-11.65.2.x86_64.rpmLinux
SUSE-SU-2023:2225-1(SUSE Linux Enterprise Server 12 SP5 ) curl-debuginfo-8.0.1-11.65.2.x86_64.rpmLinux
SUSE-SU-2023:2225-1(SUSE Linux Enterprise Server 12 SP5 ) curl-debugsource-8.0.1-11.65.2.x86_64.rpmLinux
SUSE-SU-2023:2225-1(SUSE Linux Enterprise Server 12 SP5 ) libcurl4-8.0.1-11.65.2.x86_64.rpmLinux
SUSE-SU-2023:2225-1(SUSE Linux Enterprise Server 12 SP5 ) libcurl4-32bit-8.0.1-11.65.2.x86_64.rpmLinux
SUSE-SU-2023:2225-1(SUSE Linux Enterprise Server 12 SP5 ) libcurl4-debuginfo-8.0.1-11.65.2.x86_64.rpmLinux
SUSE-SU-2023:2225-1(SUSE Linux Enterprise Server 12 SP5 ) libcurl4-debuginfo-32bit-8.0.1-11.65.2.x86_64.rpmLinux
SUSE-SU-2023:2295-1(Server Applications Module 15-SP4 ) rmt-server-2.13-150400.3.12.1.x86_64.rpmLinux
SUSE-SU-2023:2295-1(Server Applications Module 15-SP4 ) rmt-server-config-2.13-150400.3.12.1.x86_64.rpmLinux
SUSE-SU-2023:2295-1(Public Cloud Module 15-SP4 ) rmt-server-debuginfo-2.13-150400.3.12.1.x86_64.rpmLinux
SUSE-SU-2023:2295-1(Public Cloud Module 15-SP4 ) rmt-server-debugsource-2.13-150400.3.12.1.x86_64.rpmLinux
SUSE-SU-2023:2295-1(Public Cloud Module 15-SP4 ) rmt-server-pubcloud-2.13-150400.3.12.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234