Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-22923

UNKNOWN
Published 2021-08-05T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-22923. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-89qw-6g6w-269q

Advisory Details

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-22923
WEB https://hackerone.com/reports/1213181
WEB https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V
WEB https://security.gentoo.org/glsa/202212-01
WEB https://security.netapp.com/advisory/ntap-20210902-0003
WEB https://www.oracle.com/security-alerts/cpuoct2021.html

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: March 27, 2024

References

https://hackerone.com/reports/1213181
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://www.oracle.com/security-alerts/cpuoct2021.html
https://security.netapp.com/advisory/ntap-20210902-0003/
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://security.gentoo.org/glsa/202212-01
Published: 2021-08-05T00:00:00
Last Modified: 2024-11-19T14:25:24.567Z
Copied to clipboard!