CVE-2022-22576

ADVISORY - nist

Summary

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

EPSS Score⁠: 0.00241 (0.471)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-287⁠

Improper Authentication

CWE-306⁠

Missing Authentication for Critical Function

ADVISORY - redhat

CWE-287⁠

Improper Authentication

CWE-295⁠

Improper Certificate Validation

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.