CVE-2022-22576

HIGH
Published May 26, 2022 (4y ago) · Modified Jun 17, 2026 (2w ago)
8.1 CVSS 3.1

Description

An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0, which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

CVSS Details

Base Score: 8.1
Exploitability: 2.8
Impact: 5.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 2

CWE-287 Improper Authentication (Authentication)
CWE-306 Missing Authentication for Critical Function (Authentication)

Affected Products 20

Vendor | Product | Version | Range
haxx | curl | * | ≥7.33.0 – <7.83.0
debian | debian_linux | 10.0 | any
debian | debian_linux | 11.0 | any
netapp | clustered_data_ontap | * | any
netapp | solidfire_\&_hci_management_node | * | any
netapp | solidfire_\&_hci_storage_node | * | any
brocade | fabric_operating_system | * | any
netapp | bootstrap_os | * | any
netapp | hci_compute_node | * | any
netapp | h300s_firmware | * | any
netapp | h300s | * | any
netapp | h500s_firmware | * | any
netapp | h500s | * | any
netapp | h700s_firmware | * | any
netapp | h700s | * | any
netapp | h410s_firmware | * | any
netapp | h410s | * | any
splunk | universal_forwarder | * | ≥8.2.0 – <8.2.12
splunk | universal_forwarder | * | ≥9.0.0 – <9.0.6
splunk | universal_forwarder | 9.1.0 | any

References 5

  • hackerone.com https://hackerone.com/reports/1526328
    Exploit, Issue Tracking, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
    Mailing List, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/202212-01
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20220609-0008/
    Third Party Advisory
  • debian.org https://www.debian.org/security/2022/dsa-5197
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.