CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 1CVE-2022-32207 – curl: Unpreserved file permissions
https://notcve.org/view.php?id=CVE-2022-32207
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. Cuando curl versiones anteriores a 7.84.0, guarda datos de cookies, alt-svc y hsts en archivos locales, hace que la operación sea atómica al finalizar la operación con un renombramiento de un nombre temporal al nombre final del archivo de destino. En esa operación de renombramiento, podría accidentalmente *ampliar* los permisos del archivo de destino, dejando el archivo actualizado accesible a más usuarios de los previstos A vulnerability was found in curl. This issue occurs because when curl saves cookies, alt-svc, and HSTS data to local files, it makes the operation atomic by finalizing the process with a rename from a temporary name to the final target file name. This flaw leads to unpreserved file permissions, either by mistake or by a malicious actor. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://hackerone.com/reports/1573634 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220915-0003 https://support.apple.com/kb/HT213488 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-32207 http • CWE-276: Incorrect Default Permissions CWE-281: Improper Preservation of Permissions CWE-840: Business Logic Errors •
CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 1CVE-2022-27778
https://notcve.org/view.php?id=CVE-2022-27778
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. Una vulnerabilidad en el uso de nombres resueltos incorrectamente, corregida en versión 7.83.1, podía eliminar el archivo equivocado cuando es usado "--no-clobber" junto con "--remove-on-error" • https://hackerone.com/reports/1553598 https://security.netapp.com/advisory/ntap-20220609-0009 https://security.netapp.com/advisory/ntap-20220729-0004 https://www.oracle.com/security-alerts/cpujul2022.html • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 5.3EPSS: 0%CPEs: 18EXPL: 1CVE-2022-27779
https://notcve.org/view.php?id=CVE-2022-27779
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain. libcurl permite erróneamente que se establezcan cookies para Dominios de Alto Nivel (TLDs) si el nombre de host es proporcionado con un punto al final. curl puede recibir y enviar cookies. "cookie engine" de curl puede construirse con o sin conocimiento de la [Lista de Sufijos Públicos] (https://publicsuffix.org/). Si no es proporcionado soporte de PSL, se presenta una comprobación más rudimentaria para al menos evitar que sean establecidas cookies en los TLD. • https://hackerone.com/reports/1553301 https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0009 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 1CVE-2022-27775 – curl: bad local IPv6 connection reuse
https://notcve.org/view.php?id=CVE-2022-27775
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. Se presenta una vulnerabilidad de divulgación de información en curl versiones 7.65.0 a 7.82.0, son vulnerables que al usar una dirección IPv6 que estaba en el pool de conexiones pero con un id de zona diferente podría reusar una conexión en su lugar A vulnerability was found in curl. This security flaw occurs due to errors in the logic where the config matching function did not take the IPv6 address zone id into account. This issue can lead to curl reusing the wrong connection when one transfer uses a zone id, and the subsequent transfer uses another. • https://hackerone.com/reports/1546268 https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0008 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-27775 https://bugzilla.redhat.com/show_bug.cgi?id=2078388 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.7EPSS: 0%CPEs: 20EXPL: 1CVE-2022-27774 – curl: credential leak on redirect
https://notcve.org/view.php?id=CVE-2022-27774
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. Una vulnerabilidad de credenciales insuficientemente protegidas se presenta en curl versión 4.9 a e incluyen curl versión 7.82.0 están afectados que podría permitir a un atacante para extraer credenciales cuando sigue redireccionamientos HTTP(S) es usado con la autenticación podría filtrar credenciales a otros servicios que se presentan en diferentes protocolos o números de puerto A vulnerability was found in curl. This security flaw allows leaking credentials to other servers when it follows redirects from auth-protected HTTP(S) URLs to other protocols and port numbers. • https://hackerone.com/reports/1543773 https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html https://security.gentoo.org/glsa/202212-01 https://security.netapp.com/advisory/ntap-20220609-0008 https://www.debian.org/security/2022/dsa-5197 https://access.redhat.com/security/cve/CVE-2022-27774 https://bugzilla.redhat.com/show_bug.cgi?id=2077547 • CWE-522: Insufficiently Protected Credentials •