Vulnerability Name:

CVE-2022-27774 (CCN-225294)

Assigned:2022-04-27
Published:2022-04-27
Updated:2023-02-23
Summary:An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
CVSS v3 Severity:5.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)
5.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
5.0 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
4.4 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-522
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2022-27774

Source: CCN
Type: Project curl Security Advisory, April 27th 2022
Credential leak on redirect

Source: XF
Type: UNKNOWN
curl-cve202227774-info-disc(225294)

Source: support@hackerone.com
Type: Exploit, Third Party Advisory
support@hackerone.com

Source: support@hackerone.com
Type: Mailing List, Third Party Advisory
support@hackerone.com

Source: support@hackerone.com
Type: Third Party Advisory
support@hackerone.com

Source: support@hackerone.com
Type: Third Party Advisory
support@hackerone.com

Source: support@hackerone.com
Type: Third Party Advisory
support@hackerone.com

Source: CCN
Type: IBM Security Bulletin 6596085 (QRadar SIEM)
IBM QRadar WinCollect is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6606577 (Rational ClearCase)
Vulnerability in libcURL affect IBM Rational ClearCase ( CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27782, CVE-2022-30115, CVE-2022-27774 )

Source: CCN
Type: IBM Security Bulletin 6611147 (MQ Operator)
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6615217 (Robotic Process Automation for Cloud Pak)
Multiple vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Source: CCN
Type: IBM Security Bulletin 6620211 (Spectrum Protect Plus)
Vulnerabilities in libcurl may affect IBM Spectrum Protect Plus (CVE-2021-22946, CVE-2022-27782, CVE-2022-27774, CVE-2022-22576, CVE-2021-22947, CVE-2022-27776)

Source: CCN
Type: IBM Security Bulletin 6620213 (Spectrum Copy Data Management)
Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-27782, CVE-2022-27774, CVE-2021-22947, CVE-2022-22576, CVE-2022-27776, CVE-2021-22946)

Source: CCN
Type: IBM Security Bulletin 6621463 (Spectrum Protect Plus)
Vulnerabilities in libcurl affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents

Source: CCN
Type: IBM Security Bulletin 6823211 (PowerSC)
Multiple vulnerabilities in Curl affect PowerSC

Source: CCN
Type: IBM Security Bulletin 6826101 (MaaS360 Cloud Extender)
IBM MaaS360 Cloud Extender Agent and Base Module use libcurl with multiple known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6837313 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality due to CVE-2022-27774

Source: CCN
Type: IBM Security Bulletin 6843879 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to credential exposure in cURL libcurl (CVE-2022-27774)

Source: CCN
Type: IBM Security Bulletin 6848225 (Netcool Operations Insight)
Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6854981 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6855297 (Security Verify Access)
IBM Security Verify Access Appliance includes components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6952301 (Aspera High-Speed Transfer Server)
IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint has addressed multiple security vulnerabilities (CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)

Source: CCN
Type: IBM Security Bulletin 6958506 (Security QRadar SIEM)
IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6984347 (Engineering Requirements Management DOORS)
IBM Engineering Requirements Management DOORS/DWA vulnerabilities fixes for 9.7.2.6

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearcase:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_copy_data_management:2.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.4.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7476
    P
    		curl-8.0.1-150400.5.23.1 on GA media (Moderate)
    2023-06-12
    oval:com.redhat.rhsa:def:20225245
    P
    		RHSA-2022:5245: curl security update (Moderate)
    2022-07-01
    oval:com.redhat.rhsa:def:20225313
    P
    		RHSA-2022:5313: curl security update (Moderate)
    2022-06-30
    oval:org.opensuse.security:def:2902
    P
    		curl-7.79.1-150400.3.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94532
    P
    		curl-7.79.1-150400.3.1 on GA media (Moderate)
    2022-06-22
    BACK
    ibm rational clearcase 8.0.1
    ibm rational clearcase 8.0.0
    ibm rational clearcase 9.0.1
    ibm spectrum protect plus 10.1.0
    ibm security verify access 10.0.2.0
    ibm security verify access 10.0.0.0
    ibm security verify access 10.0.1.0
    ibm qradar security information and event manager 7.5.0 -
    ibm spectrum copy data management 2.2.0.0
    ibm app connect enterprise certified container 4.1
    ibm app connect enterprise certified container 4.2
    ibm security verify access 10.0.3.0
    ibm robotic process automation for cloud pak 21.0.1
    ibm robotic process automation for cloud pak 21.0.2
    ibm cloud pak for security 1.10.0.0
    ibm app connect enterprise certified container 5.0
    ibm qradar security information and event manager 7.4 -
    ibm cloud pak for security 1.10.6.0
    ibm security verify access 10.0.4.0