{"api_version":"1","generated_at":"2026-04-22T21:40:04+00:00","cve":"CVE-2022-27774","urls":{"html":"https://cve.report/CVE-2022-27774","api":"https://cve.report/api/cve/CVE-2022-27774.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-27774","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-27774"},"summary":{"title":"CVE-2022-27774","description":"An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.","state":"PUBLISHED","assigner":"hackerone","published_at":"2022-06-02 14:15:43","updated_at":"2026-04-16 14:16:11"},"problem_types":["CWE-522","CWE-522 Insufficiently Protected Credentials (CWE-522)"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.7","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"5.7","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"5.7","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"3.5","severity":"","vector":"AV:N/AC:M/Au:S/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://hackerone.com/reports/1543773","name":"https://hackerone.com/reports/1543773","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202212-01","name":"https://security.gentoo.org/glsa/202212-01","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"curl: Multiple Vulnerabilities (GLSA 202212-01) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html","name":"https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 3288-1] curl security update","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.debian.org/security/2022/dsa-5197","name":"https://www.debian.org/security/2022/dsa-5197","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-5197-1 curl","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20220609-0008/","name":"https://security.netapp.com/advisory/ntap-20220609-0008/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"May 2022 Libcurl Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-27774","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27774","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"https://github.com/curl/curl","version":"affected curl 4.9 to and include curl 7.82.0 are affected","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"27774","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"brocade","cpe5":"fabric_operating_system","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"1","versionEndIncluding":"7.82.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"haxx","cpe5":"curl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"clustered_data_ontap","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h300s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h500s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h500s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"hci_bootstrap_os","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_compute_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire_\\&_hci_management_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire_\\&_hci_storage_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"27774","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"splunk","cpe5":"universal_forwarder","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-27774","qid":"159919","title":"Oracle Enterprise Linux Security Update for curl (ELSA-2022-5313)"},{"cve":"CVE-2022-27774","qid":"159933","title":"Oracle Enterprise Linux Security Update for curl (ELSA-2022-5245)"},{"cve":"CVE-2022-27774","qid":"180909","title":"Debian Security Update for curl (DSA 5197-1)"},{"cve":"CVE-2022-27774","qid":"181508","title":"Debian Security Update for curl (DSA 5330-1)"},{"cve":"CVE-2022-27774","qid":"181512","title":"Debian Security Update for curl (DLA 3288-1)"},{"cve":"CVE-2022-27774","qid":"181662","title":"Debian Security Update for curl (DSA 5365-1)"},{"cve":"CVE-2022-27774","qid":"183432","title":"Debian Security Update for curl (CVE-2022-27774)"},{"cve":"CVE-2022-27774","qid":"198759","title":"Ubuntu Security Notification for curl Vulnerabilities (USN-5397-1)"},{"cve":"CVE-2022-27774","qid":"240502","title":"Red Hat Update for curl (RHSA-2022:5245)"},{"cve":"CVE-2022-27774","qid":"240504","title":"Red Hat Update for curl (RHSA-2022:5313)"},{"cve":"CVE-2022-27774","qid":"282695","title":"Fedora Security Update for curl (FEDORA-2022-3d8f00cde2)"},{"cve":"CVE-2022-27774","qid":"282723","title":"Fedora Security Update for curl (FEDORA-2022-3517572083)"},{"cve":"CVE-2022-27774","qid":"282754","title":"Fedora Security Update for curl (FEDORA-2022-8277bef335)"},{"cve":"CVE-2022-27774","qid":"296082","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 48.126.1 Missing (CPUJUL2022)"},{"cve":"CVE-2022-27774","qid":"353292","title":"Amazon Linux Security Advisory for curl : ALAS2-2022-1792"},{"cve":"CVE-2022-27774","qid":"354255","title":"Amazon Linux Security Advisory for curl : ALAS-2022-1646"},{"cve":"CVE-2022-27774","qid":"354277","title":"Amazon Linux Security Advisory for curl : ALAS2022-2022-055"},{"cve":"CVE-2022-27774","qid":"354292","title":"Amazon Linux Security Advisory for curl : ALAS2022-2022-206"},{"cve":"CVE-2022-27774","qid":"354341","title":"Amazon Linux Security Advisory for curl : ALAS2022-2022-065"},{"cve":"CVE-2022-27774","qid":"354587","title":"Amazon Linux Security Advisory for curl : ALAS-2022-206"},{"cve":"CVE-2022-27774","qid":"355207","title":"Amazon Linux Security Advisory for curl : ALAS2023-2023-083"},{"cve":"CVE-2022-27774","qid":"377351","title":"Alibaba Cloud Linux Security Update for curl (ALINUX3-SA-2022:0142)"},{"cve":"CVE-2022-27774","qid":"378599","title":"Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)"},{"cve":"CVE-2022-27774","qid":"378883","title":"Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)"},{"cve":"CVE-2022-27774","qid":"500138","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2022-27774","qid":"501954","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2022-27774","qid":"502212","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2022-27774","qid":"503889","title":"Alpine Linux Security Update for curl"},{"cve":"CVE-2022-27774","qid":"591406","title":"Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)"},{"cve":"CVE-2022-27774","qid":"671910","title":"EulerOS Security Update for curl (EulerOS-SA-2022-1961)"},{"cve":"CVE-2022-27774","qid":"671934","title":"EulerOS Security Update for curl (EulerOS-SA-2022-1991)"},{"cve":"CVE-2022-27774","qid":"671963","title":"EulerOS Security Update for curl (EulerOS-SA-2022-2153)"},{"cve":"CVE-2022-27774","qid":"671972","title":"EulerOS Security Update for curl (EulerOS-SA-2022-2128)"},{"cve":"CVE-2022-27774","qid":"672198","title":"EulerOS Security Update for curl (EulerOS-SA-2022-2454)"},{"cve":"CVE-2022-27774","qid":"690855","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for curl (92a4d881-c6cf-11ec-a06f-d4c9ef517024)"},{"cve":"CVE-2022-27774","qid":"710693","title":"Gentoo Linux curl Multiple Vulnerabilities (GLSA 202212-01)"},{"cve":"CVE-2022-27774","qid":"754069","title":"SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:2225-1)"},{"cve":"CVE-2022-27774","qid":"902170","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9892)"},{"cve":"CVE-2022-27774","qid":"902177","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9892-1)"},{"cve":"CVE-2022-27774","qid":"940598","title":"AlmaLinux Security Update for curl (ALSA-2022:5313)"},{"cve":"CVE-2022-27774","qid":"960152","title":"Rocky Linux Security Update for curl (RLSA-2022:5313)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-03T05:32:59.946Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://hackerone.com/reports/1543773"},{"tags":["x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20220609-0008/"},{"name":"DSA-5197","tags":["vendor-advisory","x_transferred"],"url":"https://www.debian.org/security/2022/dsa-5197"},{"name":"GLSA-202212-01","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202212-01"},{"name":"[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2022-27774","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-16T13:41:23.529233Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-16T13:41:41.899Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"https://github.com/curl/curl","vendor":"n/a","versions":[{"status":"affected","version":"curl 4.9 to and include curl 7.82.0 are affected"}]}],"descriptions":[{"lang":"en","value":"An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-522","description":"Insufficiently Protected Credentials (CWE-522)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2023-01-28T00:00:00.000Z","orgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","shortName":"hackerone"},"references":[{"url":"https://hackerone.com/reports/1543773"},{"url":"https://security.netapp.com/advisory/ntap-20220609-0008/"},{"name":"DSA-5197","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2022/dsa-5197"},{"name":"GLSA-202212-01","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202212-01"},{"name":"[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"}]}},"cveMetadata":{"assignerOrgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","assignerShortName":"hackerone","cveId":"CVE-2022-27774","datePublished":"2022-06-01T00:00:00.000Z","dateReserved":"2022-03-23T00:00:00.000Z","dateUpdated":"2026-04-16T13:41:41.899Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2022-06-02 14:15:43","lastModifiedDate":"2026-04-16 14:16:11","problem_types":["CWE-522","CWE-522 Insufficiently Protected Credentials (CWE-522)"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndIncluding":"7.82.0","matchCriteriaId":"5C214153-4B3E-4F09-9B58-413136131841"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*","matchCriteriaId":"1C767AA1-88B7-48F0-9F31-A89D16DCD52C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*","matchCriteriaId":"AD7447BC-F315-4298-A822-549942FC118B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","matchCriteriaId":"1FE996B1-6951-4F85-AA58-B99A379D2163"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*","matchCriteriaId":"D6D700C5-F67F-4FFB-BE69-D524592A3D2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*","matchCriteriaId":"D452B464-1200-4B72-9A89-42DC58486191"},{"vulnerable":true,"criteria":"cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*","matchCriteriaId":"41CD1160-B681-41EF-9EB4-06CE0F53C501"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6770B6C3-732E-4E22-BF1C-2D2FD610061C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*","matchCriteriaId":"9F9C8C20-42EB-4AB5-BD97-212DEB070C43"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7FFF7106-ED78-49BA-9EC5-B889E3685D53"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","matchCriteriaId":"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"56409CEC-5A1E-4450-AA42-641E459CC2AF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","matchCriteriaId":"B06F4839-D16A-4A61-9BB5-55B13F41E47F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D0B4AD8A-F172-4558-AEC6-FF424BA2D912"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","matchCriteriaId":"8497A4C9-8474-4A62-8331-3FE862ED4098"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.12","matchCriteriaId":"5722E753-75DE-4944-A11B-556CB299B57D"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.6","matchCriteriaId":"DC0F9351-81A4-4FEA-B6B5-6E960A933D32"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*","matchCriteriaId":"EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"27774","Ordinal":"1","Title":"CVE-2022-27774","CVE":"CVE-2022-27774","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"27774","Ordinal":"1","NoteData":"An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.","Type":"Description","Title":"CVE-2022-27774"}]}}}