← Back

CVE-2022-27774

nvd nist
Published: Jun 2, 2022Modified: May 27, 2026

JSON object

Loading...
5.7
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.1 / Impact: 3.6
Source: NVD

Description

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

Affected (15)

Show all products
Haxx: Curl · Debian: Debian Linux · Netapp: Hci Bootstrap Os, Clustered Data Ontap, Solidfire & Hci Management Node, Solidfire & Hci Storage Node, H300s Firmware, H500s Firmware, H700s Firmware, H410s Firmware · Brocade: Fabric Operating System · Splunk: Universal Forwarder
Haxx
1 product
Curl
Debian
1 product
Debian Linux
Netapp
8 products
Hci Bootstrap Os
Clustered Data Ontap
Solidfire & Hci Management Node
Solidfire & Hci Storage Node
H300s Firmware
H500s Firmware
H700s Firmware
H410s Firmware
Brocade
1 product
Fabric Operating System
Splunk
1 product
Universal Forwarder
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Curl
From 4.9 to 7.82.0
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 11.0
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hci Bootstrap Os
All versions
Running on/withPlatform Versions
Netapp
Hci Compute Node
All versions
Configuration D
4 vulnerable
Vulnerable SoftwareAffected Versions
Fabric Operating System
All versions
Clustered Data Ontap
All versions
Solidfire & Hci Management Node
All versions
Solidfire & Hci Storage Node
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H300s Firmware
All versions
Running on/withPlatform Versions
Netapp
H300s
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H500s Firmware
All versions
Running on/withPlatform Versions
Netapp
H500s
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H700s Firmware
All versions
Running on/withPlatform Versions
Netapp
H700s
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
H410s Firmware
All versions
Running on/withPlatform Versions
Netapp
H410s
All versions
Configuration I
3 vulnerable
Vulnerable SoftwareAffected Versions
Splunk
Universal Forwarder
From 8.2.0 to 8.2.12
Universal Forwarder
From 9.0.0 to 9.0.6
Universal Forwarder
Version 9.1.0

Related CWEs

CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (11)

Source: support@hackerone.com
ExploitThird Party Advisory
Source: support@hackerone.com
Mailing ListThird Party Advisory
Source: support@hackerone.com
Third Party Advisory
Source: support@hackerone.com
Third Party Advisory
Source: support@hackerone.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party Advisory

Timeline

No history available yet.