CVE-2022-27774 Credentials could be leaked when HTTP(S) redirects are used with authentication.

CVE-2022-27774 Credentials could be leaked when HTTP(S) redirects are used with authentication.

An attacker could exploit these to extract user credentials, session tokens, or other information that would otherwise be protected by HTTP(S) redirects. An attacker could also inject fake HTTP(S) redirection responses that purport to come from other services, possibly tricking the user into thinking the attacker’s services are the target of the attack. Mitigating Factors: curl does not follow HTTP(S) redirects that have a Host header that does not match the real hostname.

CVE-2022-27775

An attacker could exploit these to cause curl to send requests to a different host than the one being requested, possibly tricking the user into thinking the attacker’s services are the target of the attack. Mitigating Factors: curl does not follow HTTP(S) redirects that have a Host header that does not match the real hostname.
CVE-2022-27801
An attacker could exploit these to cause curl to send requests with overly long headers, which may make it possible to extract private information or bypass authentication mechanisms, in violation of HTTP's security model. Mitigating Factors: curl limits request headers length by default and disables HEAD requests by default.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe