Your submission was sent successfully! Close

CVE-2022-27776

Published: 27 April 2022

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
curl
Launchpad, Ubuntu, Debian
bionic
Released (7.58.0-2ubuntu3.17)
focal
Released (7.68.0-1ubuntu2.10)
impish
Released (7.74.0-1.3ubuntu2.1)
jammy
Released (7.81.0-1ubuntu1.1)
trusty Ignored
(regressions possible)
upstream
Released (7.83.0)
xenial Ignored
(regressions possible)