CVE-2024-11053

ADVISORY - debian

Summary

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

curl 8.11.1-1 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089682) [bookworm] - curl 7.88.1-10+deb12u10 [bullseye] - curl (Vulnerable code only introduced in 7.76.0) https://curl.se/docs/CVE-2024-11053.html Introduced by: https://github.com/curl/curl/commit/46620b97431e19c53ce82e55055c85830f088cf4 (curl-7_76_0) Fixed by: https://github.com/curl/curl/commit/e9b9bbac22c26cf67316fa8e6c6b9e831af31949 (curl-8_11_1)

EPSS Score⁠: 0.00127 (0.334)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

ADVISORY - redhat

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

Impacted images

Advisories

Debian

CREATED

5 months ago

UPDATED

1 month ago

ADVISORY IDCVE-2024-11053⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/curl	deb	debian	12	<7.88.1-10+deb12u10	7.88.1-10+deb12u10
debian/curl	deb	debian	unstable	<8.11.1-1	8.11.1-1
debian/curl	deb	debian	13	<8.11.1-1	8.11.1-1

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

5 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2024-11053⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-noinfo⁠

CVSS SCORE

3.4low

Alpine

CREATED

5 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-11053⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

5 months ago

UPDATED

10 days ago

ADVISORY IDCVE-2024-11053⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Alma

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY IDALSA-2025:1671⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY IDALSA-2025:1673⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

5 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-11053⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-200⁠

CVSS SCORE

5.9low

Rocky

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDRLSA-2025:1671⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

3 months ago

UPDATED

2 months ago

ADVISORY IDRLSA-2025:1673⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY IDELSA-2025-1671⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY IDELSA-2025-1673⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Chainguard

CREATED

5 months ago

UPDATED

5 months ago

ADVISORY ID

CGA-p536-wf68-h2rf

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

3 months ago

UPDATED

1 month ago

ADVISORY ID

CVE-2024-11053

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium