vulnerability:exploitability=documented
Created on 2024-12-11 09:52 and updated on 2024-12-11 09:52.
Description
When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
Info
"A curl transfer with a.tld that redirects to b.tld that uses a .netrc like below (with a match, but no password specified for the second host), would make curl pass on alicespassword as password even in the second transfer to the separate host b.tld.
machine a.tld login alice password alicespassword default login bob
This bug is not considered a C mistake. It is not likely to have been avoided had we not been using C.
This flaw also affects the curl command line tool.
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2024-11053 to this issue.
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Severity: Low"
Associated vulnerability
CVE-2024-11053Related vulnerabilities
Meta
[
{
"tags": [
"vulnerability:exploitability=documented"
]
},
{
"ref": [
"https://mastodon.social/@bagder/113632978982393745",
"https://curl.se/docs/CVE-2024-11053.html"
]
}
]