CVE-2023-27536 — Authentication Bypass by Primary Weakness in Libcurl
CWE-305 — Authentication Bypass by Primary WeaknessCWE-287 — Improper Authentication11 documents9 sources
Severity
5.9MEDIUMNVD
EPSS
0.0%
top 98.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 30
Description
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been chan…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages4 packages
Also affects: Ontap 9, Debian Linux 10.0, Fedora 36
🔴Vulnerability Details
3📋Vendor Advisories
5Microsoft▶
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to chec↗2023-03-14
Debian▶
CVE-2023-27536: curl - An authentication bypass vulnerability exists libcurl <8.0.0 in the connection r...↗2023