CVE-2022-22576
HIGH
curl 7.33.0-7.82.0 - Improper Authentication via OAUTH2 Connection Reuse
Title source: llm
Description
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
References (5)
Core References
Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5197
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202212-01
Exploit, Issue Tracking, Third Party Advisory
https://hackerone.com/reports/1526328
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220609-0008/
Scores
CVSS v3
8.1
EPSS
0.0034
EPSS Percentile
56.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-287
CWE-306
Status
published
Products (15)
None/https://github.com/curl/curl
Fixed in curl 7.83.0
brocade/fabric_operating_system
debian/debian_linux
10.0
debian/debian_linux
11.0
haxx/curl
7.33.0 - 7.83.0
netapp/bootstrap_os
netapp/clustered_data_ontap
netapp/h300s_firmware
netapp/h410s_firmware
netapp/h500s_firmware
... and 5 more
Published
May 26, 2022
Tracked Since
Feb 18, 2026