- Description
- When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
- Source
- 2499f714-1537-4658-8207-48ae4bb9eae9
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 3.4
- Impact score
- 1.4
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
- Severity
- LOW
- Hype score
- Not currently trending
curl vulnerability CVE-2024-11053 (CVSS 9.1) FIXED: possible leak of user credentials https://t.co/Sm37IgJmlG Vulnerabilities in curl and libcurl have been fixed. Teams using them should take note. A related recent article is the 2023/10/11 piece "Severe cURL vulnerability CVE-2023-38545 FIXED: version 8.4.0… https://t.co/S0bhpLhXhs
@iototsecnews
24 Dec 2024
68 Impressions
2 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
oh, we had missed the cURL security update: "netrc and redirect credential leak" (CVE-2024-11053)
@lea_linux
17 Dec 2024
1629 Impressions
2 Retweets
14 Likes
1 Bookmark
0 Replies
0 Quotes
Critical vulnerability in cURL (CVE-2024-11053) | Security News https://t.co/NAgtsvAi8g #izumino_trend
@sec_trend
16 Dec 2024
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11053 Is it Critical? Is it Low? Which is it?? https://t.co/f6fNPapoPj
@_sakojun
16 Dec 2024
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Curl Vulnerability Exposes User Credentials in Redirects (CVE-2024-11053) https://t.co/Mpo2B7aeHe
@TMJIntel
15 Dec 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New critical vulnerability in curl (CVE-2024-11053) could leak credentials during redirects if using a .netrc file. Patch now to version 8.11.1 or later! Learn more: https://t.co/J8I3ybsWBa
@Gi7w0rm
15 Dec 2024
1432 Impressions
3 Retweets
15 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2024-11053 (CVSS 9.1): Curl Vulnerability Exposes User Credentials in Redirects Stay informed about the security implications of CVE-2024-11053 in curl. Learn how this vulnerability can potentially compromise user credentials. https://t.co/IPt8XMVHK6
@the_yellow_fall
15 Dec 2024
351 Impressions
2 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
curl project maintainer Daniel Stenberg announced the fix of a 25-year-old bug, CVE-2024-11053, introduced 9039 days ago. With 161 reported CVEs, the median time from introduction to fix is over 7 years, highlighting ongoing memory safety issues. https://t.co/WoT3tDQJE8
@maxiujun
13 Dec 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A vulnerability in curl and libcurl that may leak credentials. curl - netrc and redirect credential leak - CVE-2024-11053 https://t.co/Gbz4WPxtDD
@autumn_good_35
12 Dec 2024
1347 Impressions
3 Retweets
15 Likes
4 Bookmarks
1 Reply
0 Quotes
CVE-2024-11053 When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host unde… https://t.co/P1gG92X7W3
@CVEnew
11 Dec 2024
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11053 Curl `.netrc` Credential Leakage in HTTP Redirects Vulnerability When using curl to handle credentials with a `.netrc` file and follow HTTP redirects, there is a vulnerability where the password fo... https://t.co/XkIRGEkV2c
@VulmonFeeds
11 Dec 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes