CVE-2022-27774

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-27774

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27774.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-27774

Aliases

CURL-CVE-2022-27774

Downstream

ALPINE-CVE-2022-27774

DEBIAN-CVE-2022-27774

DLA-3288-1

DSA-5197-1

OESA-2022-1659

RHSA-2022:5245

RHSA-2022:5313

SUSE-SU-2023:2225-1

UBUNTU-CVE-2022-27774

USN-5397-1

openSUSE-SU-2024:12028-1

Related

Published

2022-06-02T14:15:43Z

Modified

2025-08-09T19:01:29Z

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

References

Affected packages