CVE-2020-8169
published 2020-12-14CVE-2020-8169: curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to…
PriorityP341high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
3.43%
87.4th percentile
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | curl | < curl 7.72.0-1 (bookworm) | curl 7.72.0-1 (bookworm) |
| debian | debian_linux | — | — |
| haxx | curl | >= 0 < 7.72.0-1 | 7.72.0-1 |
| haxx | curl | >= 0 < 7.72.0-1 | 7.72.0-1 |
| haxx | curl | >= 0 < 7.72.0-1 | 7.72.0-1 |
| haxx | curl | >= 0 < 7.72.0-1 | 7.72.0-1 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.15 | 7.47.0-1ubuntu2.15 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.9 | 7.58.0-2ubuntu3.9 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.1 | 7.68.0-1ubuntu2.1 |
| haxx | curl | >= 0 < 7.35.0-1ubuntu2.20+esm4 | 7.35.0-1ubuntu2.20+esm4 |
| haxx | curl | 7.62.0 – 7.70.0 | — |
| https | github.com_curl_curl | — | — |
| msrc | cm1_curl_7.76.0-5_on_cbl_mariner_1.0 | — | — |
| siemens | simatic_tim_1531_irc_firmware | < 2.2 | 2.2 |
| siemens | sinec_infrastructure_network_services | < 1.0.1.1 | 1.0.1.1 |
| splunk | universal_forwarder | — | — |
| splunk | universal_forwarder | >= 8.2.0 < 8.2.12 | 8.2.12 |
| splunk | universal_forwarder | >= 9.0.0 < 9.0.6 | 9.0.6 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.5HIGH
vendor_debian7.5HIGH
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
ICS Advisory
##
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Release DateDecember 14, 2023
Alert CodeICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
CISA ICS
Siemens SINEC INS
cisa_ics·2022-03-10·CVSS 5.9
[MEDIUM] Siemens SINEC INS
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SINEC INS
Last RevisedMarch 10, 2022
Alert CodeICSA-22-069-09
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SINEC INS
- Vulnerability: Using Components with Known Vulnerabilities
## 2. RISK EVALUATION
Successful exploitation of this vulnerability in third-party components could allow an attacker to interfere with the affected product in various ways.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Siemens reports this vulnerability affects the following SINEC INS (Infrastructure Netw
CISA ICS
Siemens SIMATIC TIM libcurl
cisa_ics·2021-06-29·CVSS 7.5
[HIGH] Siemens SIMATIC TIM libcurl
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SIMATIC TIM libcurl
Last RevisedJune 29, 2021
Alert CodeICSA-21-159-10
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC TIM libcurl
- Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Improper Certificate Validation
## 2. RISK EVALUATION
Successful exploitation of these third-party vulnerabilities could allow an attacker to extract sensitive information and pass a revoked certificate as valid.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The followi
Microsoft
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
vendor_msrc·2020-12-08·CVSS 7.5
CVE-2020-8169 [HIGH] CWE-200 curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Ma
Red Hat
libcurl: partial password leak over DNS on HTTP redirect
vendor_redhat·2020-06-24·CVSS 7.5
CVE-2020-8169 [HIGH] CWE-200 libcurl: partial password leak over DNS on HTTP redirect
libcurl: partial password leak over DNS on HTTP redirect
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
A flaw was found in libcurl. A part of a password may be prepended to the host name before the host name is resolved, leading to a leak of the partial password over the network and to DNS servers. This highest threat from this vulnerability is to data confidentiality.
Package: rh-dotnet21-curl (.NET Core 2.1 on Red Hat Enterprise Linux) - Not affected
Package: rh-dotnet31-curl (.NET Core 3.1 on Red Hat Enterprise Linux) - Not affected
Package: curl (Red Hat Ceph Storage 2) - Out of support scope
Package: curl (Red Hat Enterprise Linux 5) - Not affected
P
Ubuntu
curl vulnerabilities
vendor_ubuntu·2020-06-24·CVSS 7.5
CVE-2020-8177 [HIGH] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered
that curl incorrectly handled certain credentials. An attacker
could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS.
(CVE-2020-8169)
It was discovered that curl incorrectly handled certain parameters.
An attacker could possibly use this issue to overwrite a local file.
(CVE-2020-8177)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2020-8169: curl - curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerabil...
vendor_debian·2020·CVSS 7.5
CVE-2020-8169 [HIGH] CVE-2020-8169: curl - curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerabil...
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
Scope: local
bookworm: resolved (fixed in 7.72.0-1)
bullseye: resolved (fixed in 7.72.0-1)
forky: resolved (fixed in 7.72.0-1)
sid: resolved (fixed in 7.72.0-1)
trixie: resolved (fixed in 7.72.0-1)
GHSA
GHSA-whwh-vhp2-pj62: curl 7
ghsa_unreviewed·2022-05-24
CVE-2020-8169 [HIGH] CWE-200 GHSA-whwh-vhp2-pj62: curl 7
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
OSV
CVE-2020-8169: curl 7
osv·2020-12-14·CVSS 7.5
CVE-2020-8169 [HIGH] CVE-2020-8169: curl 7
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
OSV
curl vulnerabilities
osv·2020-06-24·CVSS 7.5
CVE-2020-8169 [HIGH] curl vulnerabilities
curl vulnerabilities
Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered
that curl incorrectly handled certain credentials. An attacker
could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS.
(CVE-2020-8169)
It was discovered that curl incorrectly handled certain parameters.
An attacker could possibly use this issue to overwrite a local file.
(CVE-2020-8177)
No detection rules found.
No public exploits indexed.
HackerOne
CVE-2020-8169: Partial password leak over DNS on HTTP redirect
hackerone·2020-12-05·CVSS 7.5
CVE-2020-8169 [HIGH] CVE-2020-8169: Partial password leak over DNS on HTTP redirect
CVE-2020-8169: Partial password leak over DNS on HTTP redirect
## Summary:
From version 7.62 curl and curllib leaks part of user credentials in the plain text DNS request. This happens if the server makes redirect, both 301 and 302 to a relative path (eg header 'Location: /login'). It is NOT an issue in case of absolute redirection (eg header 'Location: https://domain.tld/login').
I was able to make curl/curlib to send a password that started with @ but I believe that more abuse is possible with this attack.
What makes is worst is that for eg occasionally run/daemon scripts with curl and authorization credentials this can be triggered by a remote server by switching between absolute/relative without any change on client-side.
User secrets are sent in plain text and anybody in the middle c
Bugzilla
CVE-2020-8169 flickcurl: libcurl: partial password leak over DNS on HTTP redirect [fedora-all]
bugzilla·2020-06-26·CVSS 7.5
CVE-2020-8169 [HIGH] CVE-2020-8169 flickcurl: libcurl: partial password leak over DNS on HTTP redirect [fedora-all]
CVE-2020-8169 flickcurl: libcurl: partial password leak over DNS on HTTP redirect [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple s
Bugzilla
CVE-2020-8169 mingw-curl: libcurl: partial password leak over DNS on HTTP redirect [fedora-all]
bugzilla·2020-06-26·CVSS 7.5
CVE-2020-8169 [HIGH] CVE-2020-8169 mingw-curl: libcurl: partial password leak over DNS on HTTP redirect [fedora-all]
CVE-2020-8169 mingw-curl: libcurl: partial password leak over DNS on HTTP redirect [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple
Bugzilla
CVE-2020-8169 curl: libcurl: partial password leak over DNS on HTTP redirect [fedora-all]
bugzilla·2020-06-26·CVSS 7.5
CVE-2020-8169 [HIGH] CVE-2020-8169 curl: libcurl: partial password leak over DNS on HTTP redirect [fedora-all]
CVE-2020-8169 curl: libcurl: partial password leak over DNS on HTTP redirect [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple suppor
Bugzilla
CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect
bugzilla·2020-06-17·CVSS 7.5
CVE-2020-8169 [HIGH] CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect
CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect
libcurl can be tricked to prepend a part of the password to the host name
before it resolves it, potentially leaking the partial password over the
network and to the DNS server(s).
Discussion:
External References:
https://curl.haxx.se/docs/CVE-2020-8169.html
---
Created curl tracking bugs for this issue:
Affects: fedora-all [bug 1851435]
Created flickcurl tracking bugs for this issue:
Affects: fedora-all [bug 1851437]
Created mingw-curl tracking bugs for this issue:
Affects: fedora-all [bug 1851436]
---
This issue has been addressed in the following products:
JBoss Core Services Apache HTTP Server 2.4.37 SP8
Via RHSA-2021:2471 https://access.redhat.com/errata/RHSA-2021:2471
---
This issue has been add
https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfhttps://curl.se/docs/CVE-2020-8169.htmlhttps://hackerone.com/reports/874778https://www.debian.org/security/2021/dsa-4881https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfhttps://curl.se/docs/CVE-2020-8169.htmlhttps://hackerone.com/reports/874778https://www.debian.org/security/2021/dsa-4881
2020-12-14
Published