CVE-2021-22923
published 2021-08-05CVE-2021-22923: When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same…
PriorityP430medium5.3CVSS 3.1
AVNACHPRNUIRSUCHINAN
EPSS
1.84%
76.3th percentile
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | curl | < curl 7.79.1-1 (bookworm) | curl 7.79.1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| haxx | curl | >= 0 < 7.79.1-1 | 7.79.1-1 |
| haxx | curl | >= 0 < 7.79.1-1 | 7.79.1-1 |
| haxx | curl | >= 0 < 7.79.1-1 | 7.79.1-1 |
| haxx | curl | >= 7.27.0 < 7.78.0 | 7.78.0 |
| https | github.com_curl_curl | — | — |
| msrc | cbl2_curl_7.76.0-5_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_curl_7.76.0-5_on_cbl_mariner_1.0 | — | — |
| oracle | mysql_server | 5.7.0 – 5.7.35 | — |
| oracle | mysql_server | 8.0.0 – 8.0.26 | — |
| siemens | sinec_infrastructure_network_services | < 1.0.1.1 | 1.0.1.1 |
| splunk | universal_forwarder | — | — |
| splunk | universal_forwarder | >= 8.2.0 < 8.2.12 | 8.2.12 |
| splunk | universal_forwarder | >= 9.0.0 < 9.0.6 | 9.0.6 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:P/I:N/A:N
osv5.3MEDIUM
vendor_debian5.3LOW
vendor_msrc5.3MEDIUM
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-89qw-6g6w-269q: When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same
ghsa_unreviewed·2022-05-24
CVE-2021-22923 [MEDIUM] CWE-319 GHSA-89qw-6g6w-269q: When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.
OSV
CVE-2021-22923: When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same
osv·2021-08-05·CVSS 5.3
CVE-2021-22923 [MEDIUM] CVE-2021-22923: When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
ICS Advisory
##
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Release DateDecember 14, 2023
Alert CodeICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
CISA ICS
Siemens SINEC INS
cisa_ics·2022-03-10·CVSS 5.9
[MEDIUM] Siemens SINEC INS
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SINEC INS
Last RevisedMarch 10, 2022
Alert CodeICSA-22-069-09
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SINEC INS
- Vulnerability: Using Components with Known Vulnerabilities
## 2. RISK EVALUATION
Successful exploitation of this vulnerability in third-party components could allow an attacker to interfere with the affected product in various ways.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Siemens reports this vulnerability affects the following SINEC INS (Infrastructure Netw
Microsoft
When curl is instructed to get content using the metalink feature and a user name and password are used to download the metalink XML file those same credentials are then subsequently passed on to each
vendor_msrc·2021-08-10·CVSS 5.3
CVE-2021-22923 [MEDIUM] CWE-319 When curl is instructed to get content using the metalink feature and a user name and password are used to download the metalink XML file those same credentials are then subsequently passed on to each
When curl is instructed to get content using the metalink feature and a user name and password are used to download the metalink XML file those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparen
Red Hat
curl: Metalink download sends credentials
vendor_redhat·2021-07-21·CVSS 5.3
CVE-2021-22923 [MEDIUM] CWE-522 curl: Metalink download sends credentials
curl: Metalink download sends credentials
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.
A flaw was found in curl in the way curl handles credentials when downloading content using the Metalink feature. This flaw allows malicious actors controlling a hosting server to gain access to credentials provided while downloading content without the user's knowledge. The highest threat from this vulnerability is to confidentiality.
Mitigation: This flaw can be mit
Debian
CVE-2021-22923: curl - When curl is instructed to get content using the metalink feature, and a user na...
vendor_debian·2021·CVSS 5.3
CVE-2021-22923 [MEDIUM] CVE-2021-22923: curl - When curl is instructed to get content using the metalink feature, and a user na...
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.
Scope: local
bookworm: resolved (fixed in 7.79.1-1)
bullseye: open
forky: resolved (fixed in 7.79.1-1)
sid: resolved (fixed in 7.79.1-1)
trixie: resolved (fixed in 7.79.1-1)
No detection rules found.
No public exploits indexed.
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfhttps://hackerone.com/reports/1213181https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/https://security.gentoo.org/glsa/202212-01https://security.netapp.com/advisory/ntap-20210902-0003/https://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfhttps://hackerone.com/reports/1213181https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/https://security.gentoo.org/glsa/202212-01https://security.netapp.com/advisory/ntap-20210902-0003/https://www.oracle.com/security-alerts/cpuoct2021.html
2021-08-05
Published