CVE-2022-27778

HIGH

Unknown - Info Disclosure

Title source: llm

Description

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

References (4)

[Exploit, Third Party Advisory] https://hackerone.com/reports/1553598

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220609-0009/

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220729-0004/

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpujul2022.html

Scores

CVSS v3 8.1

EPSS 0.0091

EPSS Percentile 75.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Classification

CWE

CWE-706

Status published

Affected Products (16)

haxx/curl

netapp/active_iq_unified_manager

netapp/clustered_data_ontap

netapp/oncommand_insight

netapp/oncommand_workflow_automation

netapp/snapcenter

netapp/solidfire_\&_hci_management_node

netapp/h300s_firmware

netapp/bh500s_firmware

netapp/h700s_firmware

netapp/h410s_firmware

netapp/hci_compute_node_firmware

oracle/mysql_server < 5.7.38

splunk/universal_forwarder < 8.2.12

... and 1 more

Timeline

Published Jun 02, 2022

Tracked Since Feb 18, 2026