Main Vulnerability Database Vulnerabilities #VU63011

#VU63011 Cleartext transmission of sensitive information in cURL - CVE-2022-30115

Published: May 11, 2022

Vulnerability identifier: #VU63011

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-30115

CWE-ID: CWE-319

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
cURL

Software vendor:
curl.haxx.se

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in HSTS implementation that can allow curl to continue using HTTP protocol instead of HTTPS if the host name in the given URL used a trailing dot while not using one when it built the HSTS cache. A remote attacker with ability to intercept traffic can obtain potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://curl.haxx.se/docs/CVE-2022-30115.html

#VU63011 Cleartext transmission of sensitive information in cURL - CVE-2022-30115

Description

Remediation

External links

Please verify you're human