CVE-2022-32207

ADVISORY - nist

Summary

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended.

EPSS Score⁠: 0.00109 (0.301)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-276⁠

Incorrect Default Permissions

CWE-840⁠

Business Logic Errors

ADVISORY - redhat

CWE-281⁠

Improper Preservation of Permissions

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.