VDB
ALPINE-CVE-2022-27776
ALPINE-CVE-2022-27776
PUBLISHED
CVSS 6.5 MEDIUM
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.17 | curl | 7.50.0-r0, 7.56.1-r0, 7.56.1-r1 |
| Alpine:v3.22 | curl | 7.61.1-r0, 7.55.1-r0, 7.55.0-r0 |
| Alpine:v3.19 | curl | 7.20.1-r1, 0, 7.19.2-r0 |
| Alpine:v3.20 | curl | 7.36.0-r0, 7.20.1-r1, 7.19.6-r0 |
| Alpine:v3.18 | curl | 7.27.0-r0, 0, 7.19.2-r1 |
| Alpine:v3.15 | curl | 7.77.0-r1, 0, 7.19.2-r0 |
| Alpine:v3.14 | curl | 7.44.0-r0, 7.45.0-r0, 7.46.0-r0 |
| Alpine:v3.12 | curl | 7.64.1-r3, 0, 7.19.2-r0 |
| Alpine:v3.24 | curl | 0 |
| Alpine:v3.13 | curl | 7.71.0-r0, 7.70.0-r2, 7.70.0-r0 |
| Alpine:v3.23 | curl | 7.64.1-r0, 0, 7.82.0-r1 |
| Alpine:v3.21 | curl | 7.61.0-r0, 7.60.0-r1, 7.60.0-r0 |
| Alpine:v3.16 | curl | 7.60.0-r1, 7.19.2-r0, 7.19.2-r1 |
Timeline
- Jun 2, 2022 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 15, 2026 CVE Updated