CVE-2022-27774 - log back

CVE-2022-27774 edited at 27 Apr 2022 16:30:43
Description
+ curl leaks credentials to other servers when it follows redirects from auth protected HTTP(S) URLs to other protocols and port numbers. It could also leak the TLS SRP credentials this way.
- curl follows HTTP(S) redirects when asked to. curl also supports authentication. When a user and password are provided for a URL with a given hostname, curl makes an effort to not pass on those credentials to other hosts in redirects unless given permission with a special option.
-
- This "same host check" has been flawed all since it was introduced. It does not work on cross protocol redirects and it does not consider different port numbers to be separate hosts. This leads to curl leaking credentials to other servers when it follows redirects from auth protected HTTP(S) URLs to other protocols and port numbers. It could also leak the TLS SRP credentials this way.
CVE-2022-27774 edited at 27 Apr 2022 16:15:11
Description
+ curl follows HTTP(S) redirects when asked to. curl also supports authentication. When a user and password are provided for a URL with a given hostname, curl makes an effort to not pass on those credentials to other hosts in redirects unless given permission with a special option.
+
+ This "same host check" has been flawed all since it was introduced. It does not work on cross protocol redirects and it does not consider different port numbers to be separate hosts. This leads to curl leaking credentials to other servers when it follows redirects from auth protected HTTP(S) URLs to other protocols and port numbers. It could also leak the TLS SRP credentials this way.
Notes
+ We are not aware of any exploit of this flaw.
CVE-2022-27774 created at 27 Apr 2022 16:11:11
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
References
+ https://curl.se/docs/CVE-2022-27774.html
Notes