CVE-2022-27774
Published: 2022-06-02 · Last updated: 2026-05-27
Severity and scoring
- CVSS: 5.7 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
- CWE: CWE-522
Affected products
| Vendors | Products |
|---|---|
| brocade, debian, haxx, netapp, splunk | clustered_data_ontap, curl, debian_linux |
Description
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers.
Source: NVD
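The description above comes down to one missing check: a client that follows redirects compared only the host name before re-sending credentials, so a redirect to the same host on a different scheme or port still carried the Authorization header. The following Python model is an added example written for this record; it is not curl's source code. It compares the full origin (scheme, host, port, with default ports normalised) before credentials are allowed to follow a hop, and simulates a short redirect chain over a constructed response table. The names `credentials_allowed`, `follow`, `RESPONSES` and the `location_trusted` flag are this example's own; the flag only models an explicit operator opt-in of the kind `--location-trusted` provides.

```python
"""Added example, not part of the CVE record or of curl: a same-origin check
before credentials are re-sent on an HTTP redirect."""
from urllib.parse import urlsplit, urljoin

# Default ports per scheme, so "https://host" and "https://host:443" compare equal.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "ftps": 990}

REDIRECT_STATUSES = (301, 302, 303, 307, 308)


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def credentials_allowed(original_url, redirect_url, location_trusted=False):
    """Credentials may follow a redirect only when the origin is unchanged.

    Comparing the host alone is the vulnerable behaviour the CVE describes:
    scheme and port must be part of the comparison too. `location_trusted`
    (a name chosen for this example) models an explicit opt-in to send
    credentials to any redirect target.
    """
    if location_trusted:
        return True
    return origin(original_url) == origin(redirect_url)


def follow(url, headers, responses, max_hops=5):
    """Simulate a client following a redirect chain.

    `responses` is a table url -> (status, location). Returns the list of
    (url_requested, headers_sent) so the caller can see on which hops the
    Authorization header was actually transmitted.
    """
    trail = []
    current = url
    for _ in range(max_hops):
        sent = dict(headers)
        # Every hop is checked against the origin the credentials were meant for.
        if current != url and not credentials_allowed(url, current):
            sent.pop("Authorization", None)
        trail.append((current, sent))
        status, location = responses.get(current, (200, None))
        if status not in REDIRECT_STATUSES or not location:
            break
        current = urljoin(current, location)  # Location may be relative
    return trail


# Constructed response table for the demonstration (no real hosts).
RESPONSES = {
    "https://api.example.test/login": (302, "/v2/login"),                              # same origin
    "https://api.example.test/v2/login": (307, "https://api.example.test:8443/v3/login"),  # port changes
    "https://api.example.test:8443/v3/login": (200, None),
}


def demo():
    """Run the chain with a constructed bearer token and return the trail."""
    return follow("https://api.example.test/login",
                  {"Authorization": "Bearer constructed-token"}, RESPONSES)


if __name__ == "__main__":
    for hop_url, sent in demo():
        print(hop_url, "->", "credentials sent" if "Authorization" in sent else "credentials withheld")
```

Running the block shows credentials on the first two hops (same scheme, host and port, the second reached through a relative Location) and withheld on the third, where only the port differs. The same function rejects an https to http downgrade on the same host, which is the other case the description names.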
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-27774)
- [Exploit reference](https://hackerone.com/reports/1543773)
- [Other](https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html)
- [Other](https://security.gentoo.org/glsa/202212-01)
- [Other](https://security.netapp.com/advisory/ntap-20220609-0008/)
- [Other](https://www.debian.org/security/2022/dsa-5197)
Related CVEs
Same vendor
- CVE-2026-20259 — In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, ... (5.5 MEDIUM)
- CVE-2026-20258 — In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.... (7.1 HIGH)
- CVE-2026-20257 — In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.... (5.7 MEDIUM)
- CVE-2026-20256 — In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.... (5.7 MEDIUM)
- CVE-2026-20255 — In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.... (5.7 MEDIUM)
Same CWE
- CVE-2026-53840 — OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configur... (7.1 HIGH)
- CVE-2026-6517 — Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in ... (6.3 MEDIUM)
- CVE-2026-49949 — CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive crede... (5.3 MEDIUM)
- CVE-2024-45636 — IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user (4.1 MEDIUM)
- CVE-2026-41715 — In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials (6.1 MEDIUM)