UBUNTU-CVE-2022-27774
- Source
- https://ubuntu.com/security/CVE-2022-27774
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-27774.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-27774
- Related
- Published
- 2022-04-27T06:00:00Z
- Modified
- 2022-04-27T06:00:00Z
- Severity
-
- 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.32.0-1ubuntu1
7.33.0-1ubuntu1
7.34.0-1ubuntu1
7.35.0-1ubuntu1
7.35.0-1ubuntu2
7.35.0-1ubuntu2.1
7.35.0-1ubuntu2.2
7.35.0-1ubuntu2.3
7.35.0-1ubuntu2.5
7.35.0-1ubuntu2.6
7.35.0-1ubuntu2.7
7.35.0-1ubuntu2.8
7.35.0-1ubuntu2.9
7.35.0-1ubuntu2.10
7.35.0-1ubuntu2.11
7.35.0-1ubuntu2.12
7.35.0-1ubuntu2.13
7.35.0-1ubuntu2.14
7.35.0-1ubuntu2.15
7.35.0-1ubuntu2.16
7.35.0-1ubuntu2.17
7.35.0-1ubuntu2.19
7.35.0-1ubuntu2.20
7.35.0-1ubuntu2.20+esm3
7.35.0-1ubuntu2.20+esm4
7.35.0-1ubuntu2.20+esm5
7.35.0-1ubuntu2.20+esm6
7.35.0-1ubuntu2.20+esm7
7.35.0-1ubuntu2.20+esm8
7.35.0-1ubuntu2.20+esm9
7.35.0-1ubuntu2.20+esm10
7.35.0-1ubuntu2.20+esm11
7.35.0-1ubuntu2.20+esm12
7.35.0-1ubuntu2.20+esm13
7.35.0-1ubuntu2.20+esm14
7.35.0-1ubuntu2.20+esm15
7.35.0-1ubuntu2.20+esm16
7.35.0-1ubuntu2.20+esm17
7.35.0-1ubuntu2.20+esm18
Ubuntu:Pro:16.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=src?distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.43.0-1ubuntu2
7.45.0-1ubuntu1
7.46.0-1ubuntu1
7.47.0-1ubuntu1
7.47.0-1ubuntu2
7.47.0-1ubuntu2.1
7.47.0-1ubuntu2.2
7.47.0-1ubuntu2.3
7.47.0-1ubuntu2.4
7.47.0-1ubuntu2.5
7.47.0-1ubuntu2.6
7.47.0-1ubuntu2.7
7.47.0-1ubuntu2.8
7.47.0-1ubuntu2.9
7.47.0-1ubuntu2.11
7.47.0-1ubuntu2.12
7.47.0-1ubuntu2.13
7.47.0-1ubuntu2.14
7.47.0-1ubuntu2.15
7.47.0-1ubuntu2.16
7.47.0-1ubuntu2.18
7.47.0-1ubuntu2.19
7.47.0-1ubuntu2.19+esm1
7.47.0-1ubuntu2.19+esm2
7.47.0-1ubuntu2.19+esm3
7.47.0-1ubuntu2.19+esm4
7.47.0-1ubuntu2.19+esm5
7.47.0-1ubuntu2.19+esm6
7.47.0-1ubuntu2.19+esm7
7.47.0-1ubuntu2.19+esm8
7.47.0-1ubuntu2.19+esm9
7.47.0-1ubuntu2.19+esm10
7.47.0-1ubuntu2.19+esm11
7.47.0-1ubuntu2.19+esm12
7.47.0-1ubuntu2.19+esm13
Ubuntu:18.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.58.0-2ubuntu3.17
Affected versions
7.*
7.55.1-1ubuntu2
7.55.1-1ubuntu2.1
7.57.0-1ubuntu1
7.58.0-2ubuntu1
7.58.0-2ubuntu2
7.58.0-2ubuntu3
7.58.0-2ubuntu3.1
7.58.0-2ubuntu3.2
7.58.0-2ubuntu3.3
7.58.0-2ubuntu3.5
7.58.0-2ubuntu3.6
7.58.0-2ubuntu3.7
7.58.0-2ubuntu3.8
7.58.0-2ubuntu3.9
7.58.0-2ubuntu3.10
7.58.0-2ubuntu3.12
7.58.0-2ubuntu3.13
7.58.0-2ubuntu3.14
7.58.0-2ubuntu3.15
7.58.0-2ubuntu3.16
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "7.58.0-2ubuntu3.17",
"binary_name": "curl"
},
{
"binary_version": "7.58.0-2ubuntu3.17",
"binary_name": "curl-dbgsym"
},
{
"binary_version": "7.58.0-2ubuntu3.17",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.58.0-2ubuntu3.17",
"binary_name": "libcurl3-gnutls-dbgsym"
},
{
"binary_version": "7.58.0-2ubuntu3.17",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.58.0-2ubuntu3.17",
"binary_name": "libcurl3-nss-dbgsym"
},
{
"binary_version": "7.58.0-2ubuntu3.17",
"binary_name": "libcurl4"
},
{
"binary_version": "7.58.0-2ubuntu3.17",
"binary_name": "libcurl4-dbgsym"
},
{
"binary_version": "7.58.0-2ubuntu3.17",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "7.58.0-2ubuntu3.17",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "7.58.0-2ubuntu3.17",
"binary_name": "libcurl4-nss-dev"
},
{
"binary_version": "7.58.0-2ubuntu3.17",
"binary_name": "libcurl4-openssl-dev"
}
]
}
Ubuntu:20.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.68.0-1ubuntu2.10
Affected versions
7.*
7.65.3-1ubuntu3
7.65.3-1ubuntu4
7.66.0-1ubuntu1
7.67.0-2ubuntu1
7.68.0-1ubuntu1
7.68.0-1ubuntu2
7.68.0-1ubuntu2.1
7.68.0-1ubuntu2.2
7.68.0-1ubuntu2.4
7.68.0-1ubuntu2.5
7.68.0-1ubuntu2.6
7.68.0-1ubuntu2.7
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "7.68.0-1ubuntu2.10",
"binary_name": "curl"
},
{
"binary_version": "7.68.0-1ubuntu2.10",
"binary_name": "curl-dbgsym"
},
{
"binary_version": "7.68.0-1ubuntu2.10",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.68.0-1ubuntu2.10",
"binary_name": "libcurl3-gnutls-dbgsym"
},
{
"binary_version": "7.68.0-1ubuntu2.10",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.68.0-1ubuntu2.10",
"binary_name": "libcurl3-nss-dbgsym"
},
{
"binary_version": "7.68.0-1ubuntu2.10",
"binary_name": "libcurl4"
},
{
"binary_version": "7.68.0-1ubuntu2.10",
"binary_name": "libcurl4-dbgsym"
},
{
"binary_version": "7.68.0-1ubuntu2.10",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "7.68.0-1ubuntu2.10",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "7.68.0-1ubuntu2.10",
"binary_name": "libcurl4-nss-dev"
},
{
"binary_version": "7.68.0-1ubuntu2.10",
"binary_name": "libcurl4-openssl-dev"
}
]
}
Ubuntu:22.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.81.0-1ubuntu1.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "7.81.0-1ubuntu1.1",
"binary_name": "curl"
},
{
"binary_version": "7.81.0-1ubuntu1.1",
"binary_name": "curl-dbgsym"
},
{
"binary_version": "7.81.0-1ubuntu1.1",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.81.0-1ubuntu1.1",
"binary_name": "libcurl3-gnutls-dbgsym"
},
{
"binary_version": "7.81.0-1ubuntu1.1",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.81.0-1ubuntu1.1",
"binary_name": "libcurl3-nss-dbgsym"
},
{
"binary_version": "7.81.0-1ubuntu1.1",
"binary_name": "libcurl4"
},
{
"binary_version": "7.81.0-1ubuntu1.1",
"binary_name": "libcurl4-dbgsym"
},
{
"binary_version": "7.81.0-1ubuntu1.1",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "7.81.0-1ubuntu1.1",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "7.81.0-1ubuntu1.1",
"binary_name": "libcurl4-nss-dev"
},
{
"binary_version": "7.81.0-1ubuntu1.1",
"binary_name": "libcurl4-openssl-dev"
}
]
}