CVE-2022-27774

medium

Splunk

CVSS v3 Base Score

5.7

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS Score

0.3%

Exploitation probability in 30 days

Top 46% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Confidentiality

High

Integrity

None

Availability

None

Published: June 2, 2022 (1441 days ago)

Last Modified: April 16, 2026

Vendor: Splunk

Source: NVD

Description

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

CWE

CWE-522

Affected Products

haxx curldebian debian linuxnetapp hci bootstrap osnetapp clustered data ontapnetapp solidfire \& hci management nodenetapp solidfire \& hci storage nodebrocade fabric operating systemnetapp h300s firmwarenetapp h500s firmwarenetapp h700s firmware

References

🔗 hackerone.com 🔗 lists.debian.org 🔗 security.gentoo.org 🔗 security.netapp.com 🔗 www.debian.org

CVE-2022-27774

Vulnerability Report

Description

CWE

Affected Products

References