CVE-2021-22923 Vulnerability Details


CVE-2021-22923 Metadata Quick Info

CVE Published: 05/08/2021 | CVE Updated: 19/11/2024 | CVE Year: 2021
Source: hackerone | Vendor: n/a | Product: https://github.com/curl/curl
Status: PUBLISHED

CVE-2021-22923 Description

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents. This is often contrary to the user's expectations and intentions, and it happens without telling the user.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-319
CWE Name: Cleartext Transmission of Sensitive Information (CWE-319)
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: