Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-22923

Good to know:

icon

Date: August 5, 2021

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

Language: C

Severity Score

Related Resources (13)

https://access.redhat.com/security/cve/CVE-2021-22923
https://hackerone.com/reports/1213181
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.gentoo.org/glsa/202212-01
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://curl.se/docs/CVE-2021-22923.html
https://security-tracker.debian.org/tracker/CVE-2021-22923
https://nvd.nist.gov/vuln/detail/CVE-2021-22923
https://www.oracle.com/security-alerts/cpuoct2021.html
https://security.alpinelinux.org/vuln/CVE-2021-22923
https://www.mend.io/vulnerability-database/CVE-2021-22923

Severity Score

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

Cleartext Transmission of Sensitive Information

CWE-319

Top Fix

icon

Upgrade Version

Upgrade to version curl-7_78_0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): HIGH
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us