Home

CVE-2022-27776

Description

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.682

Associated Vulnerability

VulnerabilityOS Platform
Windows Kernel Information Disclosure Vulnerability for Windows 10 Version 20H2 for x86-based Systems (KB5015807) (CVE-2022-22047)Windows
Windows Kernel Information Disclosure Vulnerability for Windows 10 Version 21H1 for x86-based Systems (KB5015807) (CVE-2022-22047)Windows
Windows Kernel Information Disclosure Vulnerability for Windows 10 Version 20H2 for x64-based Systems (KB5015807) (CVE-2022-22047)Windows
Windows Kernel Information Disclosure Vulnerability for Windows 10 Version 21H1 for x64-based Systems (KB5015807) (CVE-2022-22047)Windows
Windows Kernel Information Disclosure Vulnerability for Windows 10 Version 21H2 for x64-based Systems (KB5015807) (CVE-2022-22047)Windows
Windows Kernel Information Disclosure Vulnerability for Windows 10 Version 21H2 for x86-based Systems (KB5015807) (CVE-2022-22047)Windows
Windows Kernel Information Disclosure Vulnerability for Windows 10 Version 1809 for x86-based Systems (KB5015811) (CVE-2022-22047)Windows
Windows Kernel Information Disclosure Vulnerability for Windows 10 Version 1809 for x64-based Systems (KB5015811) (CVE-2022-22047)Windows
Windows Kernel Information Disclosure Vulnerability for Windows Server 2019 for x64-based Systems (KB5015811) (CVE-2022-22047)Windows
Windows Kernel Information Disclosure Vulnerability for Windows 11 for x64-based Systems (KB5015814) (CVE-2022-22047)Windows
Windows Kernel Information Disclosure Vulnerability for Microsoft server operating system version 21H2 for x64-based Systems (KB5015827) (CVE-2022-22047)Windows
Vulnerability CVE-2022-22576,CVE-2022-27774,CVE-2022-27775,CVE-2022-27776 are affected in Curl For Windows 7.82.0Windows
Vulnerabilities CVE-2022-27776,CVE-2022-27775,CVE-2022-27774,CVE-2022-22576 are fixed in Curl For Windows 7.83.0Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.4Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.5Windows
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.81.0-1ubuntu1.2_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.81.0-1ubuntu1.2_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.58.0-2ubuntu3.17_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.58.0-2ubuntu3.17_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.68.0-1ubuntu2.10_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.68.0-1ubuntu2.10_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.74.0-1.3ubuntu2.1_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) curl_7.74.0-1.3ubuntu2.1_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.81.0-1ubuntu1.2_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.81.0-1ubuntu1.2_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.58.0-2ubuntu3.17_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.58.0-2ubuntu3.17_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.68.0-1ubuntu2.10_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.68.0-1ubuntu2.10_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.74.0-1.3ubuntu2.1_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl4_7.74.0-1.3ubuntu2.1_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.81.0-1ubuntu1.2_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.81.0-1ubuntu1.2_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.58.0-2ubuntu3.17_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.58.0-2ubuntu3.17_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.68.0-1ubuntu2.10_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.68.0-1ubuntu2.10_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.74.0-1.3ubuntu2.1_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-nss_7.74.0-1.3ubuntu2.1_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.81.0-1ubuntu1.2_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.81.0-1ubuntu1.2_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.58.0-2ubuntu3.17_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.58.0-2ubuntu3.17_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.68.0-1ubuntu2.10_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.68.0-1ubuntu2.10_amd64.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.74.0-1.3ubuntu2.1_i386.debLinux
HTTP, HTTPS, and FTP client and client libraries (USN-5397-1) libcurl3-gnutls_7.74.0-1.3ubuntu2.1_amd64.debLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) curl-7.60.0-11.37.1.x86_64.rpmLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) curl-debuginfo-7.60.0-11.37.1.x86_64.rpmLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) curl-debugsource-7.60.0-11.37.1.x86_64.rpmLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) libcurl4-7.60.0-11.37.1.x86_64.rpmLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) libcurl4-32bit-7.60.0-11.37.1.x86_64.rpmLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) libcurl4-debuginfo-7.60.0-11.37.1.x86_64.rpmLinux
SUSE-SU-2022:1680-1(SUSE Linux Enterprise Server 12-SP5 ) libcurl4-debuginfo-32bit-7.60.0-11.37.1.x86_64.rpmLinux
(RHSA-2022:5313) curl security update curl-7.61.1-22.el8_6.3.x86_64.rpmLinux
(RHSA-2022:5313) curl security update curl-debugsource-7.61.1-22.el8_6.3.i686.rpmLinux
(RHSA-2022:5313) curl security update curl-debugsource-7.61.1-22.el8_6.3.x86_64.rpmLinux
(RHSA-2022:5313) curl security update libcurl-7.61.1-22.el8_6.3.i686.rpmLinux
(RHSA-2022:5313) curl security update libcurl-7.61.1-22.el8_6.3.x86_64.rpmLinux
(RHSA-2022:5313) curl security update libcurl-devel-7.61.1-22.el8_6.3.i686.rpmLinux
(RHSA-2022:5313) curl security update libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpmLinux
(RHSA-2022:5313) curl security update libcurl-minimal-7.61.1-22.el8_6.3.i686.rpmLinux
(RHSA-2022:5313) curl security update libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpmLinux
Curl update (ELSA-2022-5313) curl-7.61.1-22.el8_6.3.x86_64.rpmLinux
Libcurl update (ELSA-2022-5313) libcurl-7.61.1-22.el8_6.3.i686.rpmLinux
Libcurl update (ELSA-2022-5313) libcurl-7.61.1-22.el8_6.3.x86_64.rpmLinux
Libcurl-devel update (ELSA-2022-5313) libcurl-devel-7.61.1-22.el8_6.3.i686.rpmLinux
Libcurl-devel update (ELSA-2022-5313) libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpmLinux
Libcurl-minimal update (ELSA-2022-5313) libcurl-minimal-7.61.1-22.el8_6.3.i686.rpmLinux
Libcurl-minimal update (ELSA-2022-5313) libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpmLinux
curl security update(DSA-5197-1) curl_7.74.0-1.3+deb11u2_amd64.debLinux
curl security update (RLSA-2022:5313) curl-7.61.1-22.el8_6.3.x86_64.rpmLinux
curl security update (RLSA-2022:5313) libcurl-7.61.1-22.el8_6.3.i686.rpmLinux
curl security update (RLSA-2022:5313) libcurl-7.61.1-22.el8_6.3.x86_64.rpmLinux
curl security update (RLSA-2022:5313) libcurl-devel-7.61.1-22.el8_6.3.i686.rpmLinux
curl security update (RLSA-2022:5313) libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpmLinux
curl security update (RLSA-2022:5313) libcurl-minimal-7.61.1-22.el8_6.3.i686.rpmLinux
curl security update (RLSA-2022:5313) libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpmLinux
Curl update (ELSA-2022-5245) curl-7.76.1-14.el9_0.4.x86_64.rpmLinux
Curl-minimal update (ELSA-2022-5245) curl-minimal-7.76.1-14.el9_0.4.x86_64.rpmLinux
Libcurl update (ELSA-2022-5245) libcurl-7.76.1-14.el9_0.4.i686.rpmLinux
Libcurl update (ELSA-2022-5245) libcurl-7.76.1-14.el9_0.4.x86_64.rpmLinux
Libcurl-devel update (ELSA-2022-5245) libcurl-devel-7.76.1-14.el9_0.4.i686.rpmLinux
Libcurl-devel update (ELSA-2022-5245) libcurl-devel-7.76.1-14.el9_0.4.x86_64.rpmLinux
Libcurl-minimal update (ELSA-2022-5245) libcurl-minimal-7.76.1-14.el9_0.4.i686.rpmLinux
Libcurl-minimal update (ELSA-2022-5245) libcurl-minimal-7.76.1-14.el9_0.4.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-340812022-07 Cumulative Update for Windows 10 Version 20H2 for x86-based Systems (KB5015807) (CVE-2022-22047)
PATCH-340822022-07 Cumulative Update for Windows 10 Version 21H1 for x86-based Systems (KB5015807) (CVE-2022-22047)
PATCH-340832022-07 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5015807) (CVE-2022-22047)
PATCH-340852022-07 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5015807) (CVE-2022-22047)
PATCH-340862022-07 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5015807) (CVE-2022-22047)
PATCH-340872022-07 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5015807) (CVE-2022-22047)
PATCH-340902022-07 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5015811) (CVE-2022-22047)
PATCH-340912022-07 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5015811) (CVE-2022-22047)
PATCH-340922022-07 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5015811) (CVE-2022-22047)
PATCH-340882022-07 Cumulative Update for Windows 11 for x64-based Systems (KB5015814) (CVE-2022-22047)
PATCH-340892022-07 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5015827) (CVE-2022-22047)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234