Sign In

CVE-2023-27538

ADVISORY - nist

Summary

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.

EPSS Score: 0.00014 (0.017)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-287

Improper Authentication

CWE-305

Authentication Bypass by Primary Weakness

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-287

Improper Authentication

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-305

Authentication Bypass by Primary Weakness

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2023-27538
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-287CWE-305

CVSS SCORE

5.5medium

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2023-27538
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2023-27538
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2023-27538
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5low

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2023-27538

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-287CWE-937

CVSS SCORE

5.5medium

Alma

CREATED

UPDATED

ADVISORY IDALSA-2023:6679
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

UPDATED

ADVISORY IDALAS2-2023-2070
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

UPDATED

ADVISORY IDALAS2023-2023-193
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2023-27538
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-305

CVSS SCORE

5.5medium

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2023-6679
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Photon

CREATED

UPDATED

ADVISORY ID

CVE-2023-27538

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium

intheWild

CREATED

UPDATED

ADVISORY IDCVE-2023-27538
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY