CVE-2021-22923
ADVISORY - nistSummary
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.
EPSS Score: 0.00064 (0.201)
Common Weakness Enumeration (CWE)
ADVISORY - nist
ADVISORY - redhat
Insufficiently Protected Credentials
NIST
CVSS SCORE
5.3mediumAlpine
CREATED
UPDATED
ADVISORY IDCVE-2021-22923
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2021-22923
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2021-22923
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
5.3mediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2-2021-1700
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2021-22923
EXPLOITABILITY SCORE
2.1
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.7mediumRocky
CREATED
UPDATED
ADVISORY IDRLSA-2021:3582
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowOracle
CREATED
UPDATED
ADVISORY IDELSA-2021-3582
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumintheWild
CREATED
UPDATED
ADVISORY IDCVE-2021-22923
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-