CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile: 79.3%
Software: curl 7.61.1
OS: ROSA Virtualization 2.1
package_evr_string: curl-7.61.1-30.rv3.2c.src.rpm
CVE-ID: CVE-2022-22576
BDU-ID: 2022-03036
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the OAUTH2 protocol implementation of the cURL command-line utility is related to the reuse of a connection with the same credentials. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the authentication process and gain unauthorized access to protected information.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update curl command
CVE-ID: CVE-2022-27776
BDU-ID: 2022-03040
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the cURL command-line utility is associated with a leak of authentication data or cookie headers during an HTTP redirect to the same host but with a different port number. Exploitation of the vulnerability could allow an attacker acting remotely to cause the same set of headers to be mistakenly sent to hosts that are identical to the first but use a different port number or URL scheme.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update curl command
CVE-ID: CVE-2022-27774
BDU-ID: 2022-03041
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the cURL command-line utility is related to an application attempting to perform redirects during the authentication process. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information by performing redirects to other URLs.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update curl command
CVE-ID: CVE-2022-27782
BDU-ID: 2022-03185
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the TLS and SSH protocol implementation of the cURL command-line utility is related to flaws in the authentication procedure when using a previously established connection in a connection pool. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update curl command
CVE-ID: CVE-2022-32208
BDU-ID: 2022-06911
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the cURL server communication software tool is related to writing beyond buffer boundaries. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update curl command