{"vulnerability": "CVE-2023-27535", "sightings": [{"uuid": "cc52e474-b0be-4df6-8e6e-0a6b10fc6aef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27535", "type": "seen", "source": "https://t.me/ctinow/100329", "content": "Internet Bug Bounty: CVE-2023-27535: FTP too eager connection reuse\n\nhttps://ift.tt/S186y07", "creation_timestamp": "2023-03-20T23:31:53.000000Z"}, {"uuid": "edc92dbf-1bf4-46a9-9375-eb7cefe7bf1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27535", "type": "seen", "source": "https://t.me/cibsecurity/61216", "content": "\u203c CVE-2023-27535 \u203c\n\nAn authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-31T00:37:51.000000Z"}]}