CVE-2022-27776

Medium

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP…

hackerone·CWE-522·Published 2022-06-01

CVSS

6.5

EPSS

0.03

KEV

Exploits

cve.orgen

184 chars

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

NVDen

184 chars

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

NVDes

233 chars

Una vulnerabilidad de credenciales insuficientemente protegidas fijada en curl versión 7.83.0, podría filtrar datos de autenticación o de encabezados de cookies en redireccionamientos HTTP al mismo host pero con otro número de puerto

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N