VDB

ALPINE-CVE-2022-27776

ALPINE-CVE-2022-27776 PUBLISHED CVSS 6.5 MEDIUM

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Alpine:v3.17curl7.50.0-r0, 7.56.1-r0, 7.56.1-r1
Alpine:v3.22curl7.61.1-r0, 7.55.1-r0, 7.55.0-r0
Alpine:v3.19curl7.20.1-r1, 0, 7.19.2-r0
Alpine:v3.20curl7.36.0-r0, 7.20.1-r1, 7.19.6-r0
Alpine:v3.18curl7.27.0-r0, 0, 7.19.2-r1
Alpine:v3.15curl7.77.0-r1, 0, 7.19.2-r0
Alpine:v3.14curl7.44.0-r0, 7.45.0-r0, 7.46.0-r0
Alpine:v3.12curl7.64.1-r3, 0, 7.19.2-r0
Alpine:v3.24curl0
Alpine:v3.13curl7.71.0-r0, 7.70.0-r2, 7.70.0-r0
Alpine:v3.23curl7.64.1-r0, 0, 7.82.0-r1
Alpine:v3.21curl7.61.0-r0, 7.60.0-r1, 7.60.0-r0
Alpine:v3.16curl7.60.0-r1, 7.19.2-r0, 7.19.2-r1

Timeline

  • Jun 2, 2022 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›