SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2022-27776

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 6.5		CVSS Score : 4.3
Exploit Score: 2.8		Exploit Score: 8.6
Impact Score: 3.6		Impact Score: 2.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: MEDIUM
Privileges Required: NONE		Authentication: NONE
User Interaction: REQUIRED		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: NONE
Confidentiality: HIGH		Availability: NONE
Integrity: NONE
Availability: NONE

Reference:

DSA-5197

FEDORA-2022-bca2c95559

FEDORA-2022-f83aec6d57

GLSA-202212-01

https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html

https://hackerone.com/reports/1547048

https://security.netapp.com/advisory/ntap-20220609-0008/


30480



423868



253650



909



197367



282