Vulnerability Details : CVE-2022-27776

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
Publish Date : 2022-06-02 Last Update Date : 2023-01-05

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	4.3
Confidentiality Impact	Partial (There is considerable informational disclosure.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	None (There is no impact to the availability of the system.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)
CWE ID	522

- Related OVAL Definitions

Title	Definition Id	Class	Family
RHSA-2022:5245: curl security update (Moderate)	oval:com.redhat.rhsa:def:20225245		unix
RHSA-2022:5313: curl security update (Moderate)	oval:com.redhat.rhsa:def:20225313		unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2022-27776

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	OS	Brocade	Fabric Operating System	-	*	*	*	Version Details Vulnerabilities
2	OS	Debian	Debian Linux	10.0	*	*	*	Version Details Vulnerabilities
3	OS	Debian	Debian Linux	11.0	*	*	*	Version Details Vulnerabilities
4	OS	Fedoraproject	Fedora	36	*	*	*	Version Details Vulnerabilities
5	OS	Fedoraproject	Fedora	37	*	*	*	Version Details Vulnerabilities
6	Application	Haxx	Curl	*	*	*	*	Version Details Vulnerabilities
7	Application	Netapp	Clustered Data Ontap	-	*	*	*	Version Details Vulnerabilities
8	Application	Netapp	Solidfire \& Hci Management Node	-	*	*	*	Version Details Vulnerabilities
9	Application	Netapp	Solidfire \& Hci Storage Node	-	*	*	*	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Brocade	Fabric Operating System	1
Debian	Debian Linux	2
Fedoraproject	Fedora	2
Haxx	Curl	1
Netapp	Clustered Data Ontap	1
Netapp	Solidfire \& Hci Management Node	1
Netapp	Solidfire \& Hci Storage Node	1

- References For CVE-2022-27776

https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
MLIST [debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update

https://security.gentoo.org/glsa/202212-01
GENTOO GLSA-202212-01

https://www.debian.org/security/2022/dsa-5197
DEBIAN DSA-5197

https://hackerone.com/reports/1547048

https://lists.fedoraproject.org/archives/list/[email protected]/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/
FEDORA FEDORA-2022-f83aec6d57

https://lists.fedoraproject.org/archives/list/[email protected]/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/
FEDORA FEDORA-2022-bca2c95559

https://security.netapp.com/advisory/ntap-20220609-0008/ CONFIRM

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used 0
Brocade Fabric Operating System * * * Netapp Solidfire \& Hci Storage Node * * * Netapp Solidfire \& Hci Management Node * * * Netapp Clustered Data Ontap * * * Debian Debian Linux 11.0 * * * Debian Debian Linux 10.0 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * * Netapp Hci Bootstrap Os * * * Netapp Hci Compute Node * * *
Vulnerability is valid if product versions listed below are used 0
Brocade Fabric Operating System * * * Netapp Solidfire \& Hci Storage Node * * * Netapp Solidfire \& Hci Management Node * * * Netapp Clustered Data Ontap * * * Debian Debian Linux 11.0 * * * Debian Debian Linux 10.0 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * * Netapp Hci Bootstrap Os * * * Netapp Hci Compute Node * * *
Vulnerability is valid if product versions listed below are used 0
Brocade Fabric Operating System * * * Netapp Solidfire \& Hci Storage Node * * * Netapp Solidfire \& Hci Management Node * * * Netapp Clustered Data Ontap * * * Debian Debian Linux 11.0 * * * Debian Debian Linux 10.0 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * * Netapp Hci Bootstrap Os * * * Netapp Hci Compute Node * * *
Vulnerability is valid if product versions listed below are used 0
Brocade Fabric Operating System * * * Netapp Solidfire \& Hci Storage Node * * * Netapp Solidfire \& Hci Management Node * * * Netapp Clustered Data Ontap * * * Debian Debian Linux 11.0 * * * Debian Debian Linux 10.0 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * * Netapp Hci Bootstrap Os * * * Netapp Hci Compute Node * * *
Vulnerability is valid if product versions listed below are used 0
Brocade Fabric Operating System * * * Netapp Solidfire \& Hci Storage Node * * * Netapp Solidfire \& Hci Management Node * * * Netapp Clustered Data Ontap * * * Debian Debian Linux 11.0 * * * Debian Debian Linux 10.0 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * * Netapp Hci Bootstrap Os * * * Netapp Hci Compute Node * * *
Vulnerability is valid if product versions listed below are used 0
Brocade Fabric Operating System * * * Netapp Solidfire \& Hci Storage Node * * * Netapp Solidfire \& Hci Management Node * * * Netapp Clustered Data Ontap * * * Debian Debian Linux 11.0 * * * Debian Debian Linux 10.0 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * * Netapp Hci Bootstrap Os * * * Netapp Hci Compute Node * * *
Vulnerability is valid if product versions listed below are used 0
Brocade Fabric Operating System * * * Netapp Solidfire \& Hci Storage Node * * * Netapp Solidfire \& Hci Management Node * * * Netapp Clustered Data Ontap * * * Debian Debian Linux 11.0 * * * Debian Debian Linux 10.0 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * * Netapp Hci Bootstrap Os * * * Netapp Hci Compute Node * * *
Vulnerability is valid if product versions listed below are used 0
Brocade Fabric Operating System * * * Netapp Solidfire \& Hci Storage Node * * * Netapp Solidfire \& Hci Management Node * * * Netapp Clustered Data Ontap * * * Debian Debian Linux 11.0 * * * Debian Debian Linux 10.0 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * * Netapp Hci Bootstrap Os * * * Netapp Hci Compute Node * * *
Vulnerability is valid if product versions listed below are used 0
Brocade Fabric Operating System * * * Netapp Solidfire \& Hci Storage Node * * * Netapp Solidfire \& Hci Management Node * * * Netapp Clustered Data Ontap * * * Debian Debian Linux 11.0 * * * Debian Debian Linux 10.0 * * * Fedoraproject Fedora 37 * * * Fedoraproject Fedora 36 * * * Haxx Curl * * * *	Netapp H300s * * * Netapp H300s Firmware * * * Netapp H410s * * * Netapp H410s Firmware * * * Netapp H500s * * * Netapp H500s Firmware * * * Netapp H700s * * * Netapp H700s Firmware * * * Netapp Hci Bootstrap Os * * * Netapp Hci Compute Node * * *

- Metasploit Modules Related To CVE-2022-27776

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)