发布时间: 2022年5月18日
修改时间: 2024年10月31日
When asked, curl does an HTTP(S) redirect. curl also supports authentication. When providing a user and password for a URL with a given hostname, curl makes an effort not to pass these credentials to other hosts in redirects unless permissions with special options are granted. This "same host check" has been flawed since its introduction. It does not work with cross-protocol redirection, nor does it treat different port numbers as separate hosts. This results in leaking credentials to other servers when curl redirects from authentication protected HTTP(S) URLs to other protocols and port numbers. It could also leak TLS SRP credentials in this way. By default, curl only allows redirects to HTTP(S) and FTP(S), but you can ask to allow redirects to all curl-supported protocols.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | Low |
| Attack Vector | Network | Network |
| CVSS评分 | 5.7 | 5.0 |
| Attack Complexity | Low | High |
| Privileges Required | Low | None |
| Scope | Unchanged | Unchanged |
| Integrity | None | Low |
| User Interaction | Required | Required |
| Availability | None | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-1530 | curl security update | 2022年5月18日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | curl | Fixed |
| KY3.4-5 | curl | Fixed |
| KY3.5.1 | curl | Fixed |
