High severity8.1NVD Advisory· Published May 26, 2022· Updated May 27, 2026
CVE-2022-22576
CVE-2022-22576
Description
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
27- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*range: >=8.2.0,<8.2.12
- cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- osv-coords12 versionspkg:rpm/almalinux/curlpkg:rpm/almalinux/libcurlpkg:rpm/almalinux/libcurl-develpkg:rpm/almalinux/libcurl-minimalpkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweedpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 7.61.1-22.el8_6.3+ 11 more
- (no CPE)range: < 7.61.1-22.el8_6.3
- (no CPE)range: < 7.61.1-22.el8_6.3
- (no CPE)range: < 7.61.1-22.el8_6.3
- (no CPE)range: < 7.61.1-22.el8_6.3
- (no CPE)range: < 7.66.0-150200.4.30.1
- (no CPE)range: < 7.83.0-1.1
- (no CPE)range: < 7.66.0-150200.4.30.1
- (no CPE)range: < 7.66.0-150200.4.30.1
- (no CPE)range: < 7.66.0-150200.4.30.1
- (no CPE)range: < 7.60.0-11.37.1
- (no CPE)range: < 7.60.0-11.37.1
- (no CPE)range: < 7.60.0-11.37.1
Patches
Vulnerability mechanics
References
5- hackerone.com/reports/1526328nvdExploitIssue TrackingThird Party Advisory
- lists.debian.org/debian-lts-announce/2022/08/msg00017.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/202212-01nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20220609-0008/nvdThird Party Advisory
- www.debian.org/security/2022/dsa-5197nvdThird Party Advisory
News mentions
0No linked articles in our index yet.