An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

CPENameOperatorVersion
debian_linuxeq10.0
debian_linuxeq11.0
curlge4.9
curlle7.82.0

Name	Operator	Version
debian_linux	eq	10.0
debian_linux	eq	11.0
curl	ge	4.9
curl	le	7.82.0

References

hackerone.com/reports/1543773

lists.debian.org/debian-lts-announce/2023/01/msg00028.html

security.gentoo.org/glsa/202212-01

security.netapp.com/advisory/ntap-20220609-0008/

www.debian.org/security/2022/dsa-5197

hackerone 4

cve 1

ubuntucve 1

cbl_mariner 1

alpinelinux 1

nvd 1

redhatcve 1

ibm 20

veracode 1

cvelist 1

osv 6

debiancve 1

nessus 40

debian 4

photon 5

openvas 23

cloudfoundry 1

rocky 1

freebsd 1

redhat 16

oraclelinux 2

mageia 1

fedora 3

slackware 1

amazon 2

ubuntu 1

redos 1

almalinux 1

rosalinux 1

gentoo 1

tenable 1

ics 1

hackerone

curl: CVE-2022-27774: Credential leak on redirect

2022-04-18 19:36:47

Internet Bug Bounty: CVE-2022-27774: Credential leak on redirect

2022-04-27 07:04:13

curl: CVE-2022-27776: Auth/cookie leak on redirect

2022-04-21 15:20:43

cve

CVE-2022-27774

2022-06-02 14:15:43

ubuntucve

CVE-2022-27774

2022-04-27 00:00:00

cbl_mariner

CVE-2022-27774 affecting package curl 7.76.0-9

2022-05-12 02:16:39

alpinelinux

CVE-2022-27774

2022-06-02 14:15:43

nvd

CVE-2022-27774

2022-06-02 14:15:43

redhatcve

CVE-2022-27774

2022-04-27 06:54:31

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality due to CVE-2022-27774

2022-11-04 18:04:36

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to credential exposure in cURL libcurl (CVE-2022-27774)

2023-01-12 21:59:00

Security Bulletin: IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint has addressed multiple security vulnerabilities (CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)

2023-02-02 16:36:32

veracode

Information Disclosure

2022-04-30 16:23:47

cvelist

CVE-2022-27774

2022-06-01 00:00:00

osv

CVE-2022-27774

2022-06-02 14:15:43

curl vulnerabilities

2022-04-28 18:23:23

Moderate: curl security update

2022-06-30 00:00:00

debiancve

CVE-2022-27774

2022-06-02 14:15:43

nessus

Debian DSA-5365-1 : curl - security update

2023-03-01 00:00:00

FreeBSD : cURL -- Multiple vulnerabilities (92a4d881-c6cf-11ec-a06f-d4c9ef517024)

2022-04-28 00:00:00

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2022-117-01)

2022-04-27 00:00:00

debian

[SECURITY] [DSA 5365-1] curl security update

2023-02-27 22:00:09

[SECURITY] [DSA 5330-1] curl security update

2023-01-27 17:53:54

[SECURITY] [DLA 3288-1] curl security update

2023-01-28 21:19:47

photon

Moderate Photon OS Security Update - PHSA-2022-0176

2022-04-30 00:00:00

Moderate Photon OS Security Update - PHSA-2022-0388

2022-04-30 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0388

2022-05-01 00:00:00

openvas

Debian: Security Advisory (DSA-5365-1)

2023-03-02 00:00:00

Debian: Security Advisory (DSA-5330-1)

2023-01-30 00:00:00

Ubuntu: Security Advisory (USN-5397-1)

2022-04-29 00:00:00

cloudfoundry

USN-5397-1: curl vulnerabilities | Cloud Foundry

2022-05-23 00:00:00

rocky

curl security update

2022-06-28 10:52:02

freebsd

cURL -- Multiple vulnerabilities

2022-04-27 00:00:00

redhat

(RHSA-2022:5245) Moderate: curl security update

2022-06-28 08:27:15

(RHSA-2022:5313) Moderate: curl security update

2022-06-28 10:52:02

(RHSA-2022:5699) Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.0.1 security update

2022-07-28 14:39:39

oraclelinux

curl security update

2022-06-30 00:00:00

curl security update

2022-06-30 00:00:00

mageia

Updated curl packages fix security vulnerability

2022-05-02 22:44:52

fedora

[SECURITY] Fedora 36 Update: curl-7.82.0-4.fc36

2022-05-07 05:15:01

[SECURITY] Fedora 35 Update: curl-7.79.1-4.fc35

2022-05-18 01:11:50

[SECURITY] Fedora 34 Update: curl-7.76.1-16.fc34

2022-05-24 01:41:08

slackware

[slackware-security] curl

2022-04-27 21:48:34

amazon

Medium: curl

2022-05-04 01:01:00

Medium: curl

2022-12-01 17:33:00

ubuntu

curl vulnerabilities

2022-04-28 00:00:00

redos

ROS-20220516-09

2022-05-16 00:00:00

almalinux

Moderate: curl security update

2022-06-30 00:00:00

rosalinux

Advisory ROSA-SA-2023-2220

2023-08-22 13:18:19

gentoo

curl: Multiple Vulnerabilities

2022-12-19 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for PRION:CVE-2022-27774