Vulnerability CVE-2021-22876

Vulnerability Name:

CVE-2021-22876 (CCN-199186)

Assigned:

2021-03-31

Published:

2021-03-31

Updated:

2022-04-06

Summary:

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

3.7 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.2 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2021-22876

Source: CONFIRM
Type: Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Source: CCN
Type: Project curl Security Advisory, March 31st 2021
Automatic referer leaks credentials

Source: MISC
Type: Patch, Vendor Advisory
https://curl.se/docs/CVE-2021-22876.html

Source: XF
Type: UNKNOWN
curl-cve202122876-info-disc(199186)

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://hackerone.com/reports/1101882

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210517 [SECURITY] [DLA 2664-1] curl security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-26a293c72b

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-cab5c9befb

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-065371f385

Source: GENTOO
Type: Third Party Advisory
GLSA-202105-36

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210521-0007/

Source: CCN
Type: IBM Security Bulletin 6471359 (PowerSC)
Vulnerabilities in Curl affect PowerSC (CVE-2021-22876 and CVE-2021-22890)

Source: CCN
Type: IBM Security Bulletin 6479935 (MaaS360)
A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (V2.103.000.051) and Modules

Source: CCN
Type: IBM Security Bulletin 6541298 (Cloud Pak for Automation)
Multiple security vulnerabilities fixed in Cloud Pak for Automation components

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Source: CCN
Type: IBM Security Bulletin 6560126 (Sterling Connect:Direct for UNIX Certified Container)
IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93

Source: CCN
Type: IBM Security Bulletin 6574357 (Cloud Private)
Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22876)

Source: CCN
Type: IBM Security Bulletin 6574787 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to using components with Known Vulnerabilities

Source: N/A
Type: Third Party Advisory
N/A

Vulnerable Configuration:

Configuration 1:

cpe:/a:haxx:libcurl:*:*:*:*:*:*:*:* (Version >= 7.1.1 and <= 7.75.0)

Configuration 2:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:netapp:hci_management_node:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:solidfire:-:*:*:*:*:*:*:*

OR cpe:/h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

OR cpe:/h:netapp:hci_storage_node:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 6:

cpe:/a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* (Version < 1.0.1.1)

Configuration 7:

cpe:/a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:essbase:21.2:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:3366	P	binutils-devel-32bit-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2902	P	curl-7.79.1-150400.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94532	P	curl-7.79.1-150400.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95177	P	NetworkManager-applet-1.24.0-150400.2.9 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:38	P	curl-7.66.0-4.14.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:967	P	Security update for python-libxml2-python (Important)	2022-03-10
oval:org.opensuse.security:def:94478	P	(Moderate)	2022-03-04
oval:org.opensuse.security:def:101890	P	Security update for java-1_8_0-ibm (Important)	2022-01-18
oval:org.opensuse.security:def:112133	P	curl-7.79.1-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105669	P	Security update for python-Pygments (Important)	2021-12-01
oval:com.redhat.rhsa:def:20214511	P	RHSA-2021:4511: curl security and bug fix update (Moderate)	2021-11-09
oval:org.opensuse.security:def:96783	P	sysvinit-tools-2.88+-1.26 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:97006	P	grub2-x86_64-xen-2.02-24.12 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:62056	P	curl-7.66.0-4.14.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101191	P	libgme-devel-0.6.2-1.17 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100814	P	curl-7.66.0-4.14.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71797	P	curl-7.66.0-4.14.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:99660	P	(Important)	2021-07-20
oval:org.opensuse.security:def:99968	P	(Important)	2021-06-24
oval:org.opensuse.security:def:8763	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:93062	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:70402	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:99262	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:9711	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:92511	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:69652	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:8958	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:93215	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:91924	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:99461	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:10084	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:92710	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:69851	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:98874	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:9330	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:92119	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:10262	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:8585	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:92909	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:70224	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:99069	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:9512	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:92312	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:69470	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:33655	P	Security update for curl (Moderate)	2021-05-27
oval:org.opensuse.security:def:23906	P	Security update for curl (Moderate)	2021-05-27
oval:org.opensuse.security:def:59478	P	Security update for curl (Moderate)	2021-05-27
oval:org.opensuse.security:def:89391	P	Security update for curl (Moderate)	2021-05-27
oval:org.opensuse.security:def:33913	P	Security update for curl (Moderate)	2021-05-27
oval:org.opensuse.security:def:88123	P	Security update for curl (Moderate)	2021-05-27
oval:org.opensuse.security:def:59736	P	Security update for curl (Moderate)	2021-05-27
oval:org.opensuse.security:def:51894	P	Security update for curl (Moderate)	2021-05-27
oval:org.opensuse.security:def:88436	P	Security update for curl (Moderate)	2021-05-27
oval:org.opensuse.security:def:89133	P	Security update for curl (Moderate)	2021-05-27
oval:org.opensuse.security:def:43227	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:87369	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:37498	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:44528	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:26038	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:34418	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:38797	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:32905	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:60241	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:42783	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:40098	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:58728	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:111300	P	Security update for curl (Moderate)	2021-04-05
oval:org.opensuse.security:def:108556	P	Security update for curl (Moderate)	2021-04-01
oval:org.opensuse.security:def:100263	P	(Moderate)	2021-04-01
oval:org.opensuse.security:def:73577	P	Security update for curl (Moderate)	2021-04-01
oval:org.opensuse.security:def:64455	P	Security update for curl (Moderate)	2021-04-01
oval:org.opensuse.security:def:100593	P	(Moderate)	2021-04-01
oval:org.opensuse.security:def:5629	P	Security update for curl (Moderate)	2021-04-01
oval:org.opensuse.security:def:42056	P	Security update for curl (Moderate)	2021-04-01
oval:org.opensuse.security:def:75786	P	Security update for curl (Moderate)	2021-04-01
oval:org.opensuse.security:def:66718	P	Security update for curl (Moderate)	2021-04-01
oval:org.opensuse.security:def:107857	P	Security update for curl (Moderate)	2021-04-01
oval:org.opensuse.security:def:99928	P	(Moderate)	2021-04-01

BACK