CVE-2022-27776

Published Jun 2, 2022

Last updated 8 months ago

CVSS medium 6.5

Overview

Description: A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
Source: support@hackerone.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-522
support@hackerone.com: CWE-522

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F125B29-ADBD-4014-A98C-0FF750CC5648",
            "versionEndExcluding": "7.83.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163"
          },
          {
            "criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E"
          },
          {
            "criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D452B464-1200-4B72-9A89-42DC58486191"
          },
          {
            "criteria": "cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41CD1160-B681-41EF-9EB4-06CE0F53C501"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
            "versionEndExcluding": "8.2.12",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
            "versionEndExcluding": "9.0.6",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References