Medium severity 5.7 · NVD Advisory · Published Jun 2, 2022 · Updated May 27, 2026
CVE-2022-27774
Description
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used together with authentication, curl could leak credentials to other services that exist on different protocols or port numbers.
Affected products (23)
- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* (range: >=8.2.0,<8.2.12)
- cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*
- osv-coords, 8 versions (no CPE):
  - pkg:rpm/almalinux/curl (range: < 7.61.1-22.el8_6.3)
  - pkg:rpm/almalinux/libcurl (range: < 7.61.1-22.el8_6.3)
  - pkg:rpm/almalinux/libcurl-devel (range: < 7.61.1-22.el8_6.3)
  - pkg:rpm/almalinux/libcurl-minimal (range: < 7.61.1-22.el8_6.3)
  - pkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweed (range: < 7.83.0-1.1)
  - pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (range: < 8.0.1-11.65.2)
  - pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (range: < 8.0.1-11.65.2)
  - pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (range: < 8.0.1-11.65.2)
References (5)
- hackerone.com/reports/1543773 (nvd: Exploit, Third Party Advisory)
- lists.debian.org/debian-lts-announce/2023/01/msg00028.html (nvd: Mailing List, Third Party Advisory)
- security.gentoo.org/glsa/202212-01 (nvd: Third Party Advisory)
- security.netapp.com/advisory/ntap-20220609-0008/ (nvd: Third Party Advisory)
- www.debian.org/security/2022/dsa-5197 (nvd: Third Party Advisory)