CVE-2020-8169 — Sensitive Information Exposure in Siemens Sinec Infrastructure Network Services
Severity
7.5HIGHNVD
EPSS
0.1%
top 84.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 14
Latest updateMay 24
Description
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages7 packages
Also affects: Debian Linux 10.0
Patches
🔴Vulnerability Details
4📋Vendor Advisories
4Microsoft▶
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).↗2020-12-08
Debian▶
CVE-2020-8169: curl - curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerabil...↗2020
💬Community
5Bugzilla▶
CVE-2020-8169 flickcurl: libcurl: partial password leak over DNS on HTTP redirect [fedora-all]↗2020-06-26
Bugzilla▶
CVE-2020-8169 mingw-curl: libcurl: partial password leak over DNS on HTTP redirect [fedora-all]↗2020-06-26
Bugzilla▶
CVE-2020-8169 curl: libcurl: partial password leak over DNS on HTTP redirect [fedora-all]↗2020-06-26