CVE-2022-30115

Source
Severity Medium
Remote No
Type Information disclosure
Description
A vulnerability was found in curl. When its HTTP Strict Transport Security (HSTS) support is used, curl can be instructed to use HTTPS directly instead of an insecure clear-text HTTP step, even when HTTP is provided in the URL. This flaw leads to clear-text transmission of sensitive information.
Group     Package  Affected  Fixed     Severity  Status  Ticket
AVG-2706  curl     7.83.0-1  7.83.1-1  Medium    Fixed
References
https://seclists.org/oss-sec/2022/q2/97
https://curl.se/docs/CVE-2022-30115.html
https://github.com/curl/curl/commit/fae6fea209a2d4d
https://github.com/curl/curl/commit/b27ad8e1d3e68e
Notes
Affected versions: curl 7.82.0 up to and including 7.83.0
Unaffected versions: curl < 7.82.0 and curl >= 7.83.1