CVE-2022-27776

Summary

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/curl/curlfixed in curl 7.83.0affected

Weaknesses

  • CWE-522: Insufficiently Protected Credentials (CWE-522)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References