CVE-2022-27776

MEDIUM
Published Jun 2, 2022 · Modified Jun 17, 2026
6.5 CVSS 3.1

Description

An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

CVSS Details

Base Score
6.5
Exploitability
2.8
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-522

Affected Products 22

Vendor         Product                            Version  Range
haxx           curl                               *        <7.83.0
fedoraproject  fedora                             36       any
fedoraproject  fedora                             37       any
debian         debian_linux                       10.0     any
debian         debian_linux                       11.0     any
netapp         hci_bootstrap_os                   *        any
netapp         hci_compute_node                   *        any
netapp         clustered_data_ontap               *        any
netapp         solidfire_&_hci_management_node    *        any
netapp         solidfire_&_hci_storage_node       *        any
brocade        fabric_operating_system            *        any
netapp         h300s_firmware                     *        any
netapp         h300s                              *        any
netapp         h500s_firmware                     *        any
netapp         h500s                              *        any
netapp         h700s_firmware                     *        any
netapp         h700s                              *        any
netapp         h410s_firmware                     *        any
netapp         h410s                              *        any
splunk         universal_forwarder                *        ≥8.2.0 – <8.2.12
splunk         universal_forwarder                *        ≥9.0.0 – <9.0.6
splunk         universal_forwarder                9.1.0    any

References 7

  • hackerone.com https://hackerone.com/reports/1547048
    Exploit, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/
    Mailing List, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/202212-01
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20220609-0008/
    Third Party Advisory
  • debian.org https://www.debian.org/security/2022/dsa-5197
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.