Lucene search
PRIOn knowledge basePRION:CVE-2022-27776HistoryJun 02, 2022 - 2:15 p.m.
Design/Logic Flaw
2022-06-0214:15:00
PRIOn knowledge base
www.prio-n.com
12
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 10.0 | |
| debian_linux | eq | 11.0 | |
| fedora | eq | 36 | |
| fedora | eq | 37 | |
| curl | lt | 7.83.0 |
References
hackerone.com/reports/1547048
lists.debian.org/debian-lts-announce/2022/08/msg00017.html
lists.fedoraproject.org/archives/list/[email protected]/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/
lists.fedoraproject.org/archives/list/[email protected]/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/
security.gentoo.org/glsa/202212-01
security.netapp.com/advisory/ntap-20220609-0008/
www.debian.org/security/2022/dsa-5197
Related
hackerone
hackerone
curl: Credential leak on redirect
2022-05-13 11:31:21
curl: CVE-2022-27776: Auth/cookie leak on redirect
2022-04-21 15:20:43
Internet Bug Bounty: CVE-2022-27776: Auth/cookie leak on redirect
2022-04-27 07:10:47
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality due to CVE-2022-27776
2022-11-04 18:06:17
cvelist
cvelist
CVE-2022-27776
2022-06-01 00:00:00
veracode
veracode
Information Disclosure
2022-04-30 16:23:48
alpinelinux
alpinelinux
CVE-2022-27776
2022-06-02 14:15:43
redhatcve
redhatcve
CVE-2022-27776
2022-04-27 06:55:50
ubuntucve
ubuntucve
CVE-2022-27776
2022-04-27 00:00:00
debiancve
debiancve
CVE-2022-27776
2022-06-02 14:15:43
osv
osv
CVE-2022-27776
2022-06-02 14:15:43
Change in port should be considered a change in origin
2022-06-21 20:07:16
cve
cve
CVE-2022-27776
2022-06-02 14:15:43
cbl_mariner
cbl_mariner
CVE-2022-27776 affecting package curl 7.76.0-9
2022-05-12 02:16:39
nvd
nvd
CVE-2022-27776
2022-06-02 14:15:43
mscve
mscve
rubygems
rubygems
Authorization header leak on port redirect in mechanize
2022-06-08 21:00:00
nessus
nessus
FreeBSD : mediawiki -- multiple vulnerabilities (5ab54ea0-fa94-11ec-996c-080027b24e86)
2022-07-03 00:00:00
SUSE SLES12 Security Update : curl (SUSE-SU-2022:1680-1)
2022-05-17 00:00:00
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2022:1657-1)
2022-05-14 00:00:00
friendsofphp
friendsofphp
CURLOPT_HTTPAUTH option not cleared on change of origin
2022-06-20 22:24:00
Change in port should be considered a change in origin
2022-06-20 22:24:00
github
github
CURLOPT_HTTPAUTH option not cleared on change of origin
2022-06-21 16:57:10
Change in port should be considered a change in origin
2022-06-21 20:07:16
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2022-05-16 00:00:00
cURL -- Multiple vulnerabilities
2022-04-27 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:1680-1)
2022-05-17 00:00:00
openSUSE: Security Advisory for curl (SUSE-SU-2022:1657-1)
2022-05-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1657-1)
2022-05-16 00:00:00
suse
suse
Security update for curl (moderate)
2022-05-13 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: mediawiki-1.38.2-1.fc37
2022-09-12 17:57:50
[SECURITY] Fedora 36 Update: curl-7.82.0-4.fc36
2022-05-07 05:15:01
[SECURITY] Fedora 35 Update: curl-7.79.1-4.fc35
2022-05-18 01:11:50
cloudfoundry
cloudfoundry
USN-5397-1: curl vulnerabilities | Cloud Foundry
2022-05-23 00:00:00
rocky
rocky
curl security update
2022-06-28 10:52:02
slackware
slackware
[slackware-security] curl
2022-04-27 21:48:34
redhat
redhat
(RHSA-2022:5313) Moderate: curl security update
2022-06-28 10:52:02
(RHSA-2022:5245) Moderate: curl security update
2022-06-28 08:27:15
amazon
amazon
Medium: curl
2022-05-04 01:01:00
Medium: curl
2022-12-01 17:33:00
oraclelinux
oraclelinux
curl security update
2022-06-30 00:00:00
curl security update
2022-06-30 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2022-04-28 00:00:00
mageia
mageia
Updated curl packages fix security vulnerability
2022-05-02 22:44:52
redos
redos
ROS-20220516-09
2022-05-16 00:00:00
almalinux
almalinux
Moderate: curl security update
2022-06-30 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2220
2023-08-22 13:18:19
photon
photon
Important Photon OS Security Update - PHSA-2022-0205
2022-06-27 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0205
2022-06-27 00:00:00
Important Photon OS Security Update - PHSA-2022-0486
2022-06-19 00:00:00
debian
debian
[SECURITY] [DLA 3085-1] curl security update
2022-08-28 23:00:51
[SECURITY] [DSA 5197-1] curl security update
2022-08-01 16:58:44
gentoo
gentoo
curl: Multiple Vulnerabilities
2022-12-19 00:00:00
mskb
mskb
July 12, 2022โKB5015814 (OS Build 22000.795)
2022-07-12 07:00:00
July 12, 2022โKB5015811 (OS Build 17763.3165)
2022-07-12 07:00:00
July 12, 2022โKB5015827 (OS Build 20348.825)
2022-07-12 07:00:00
kaspersky
kaspersky
KLA12580 Multiple vulnerabilities in Microsoft Windows
2022-07-12 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - July 2022
2022-07-12 19:40:15
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00