Alpaquita Linux Stream Security Advisory

CVE-2024-11053

Published: December 12, 2024
Last modified: February 12, 2025

Description

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
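A check for the `.netrc` condition described above, as an added example that is not part of the original advisory: it lists entries that omit the password, or both login and password. The sample file, hostnames and function names are constructed for illustration, and the parser assumes unquoted, whitespace-separated tokens.

```python
import re

# Constructed sample .netrc; hostnames and credentials are made up.
SAMPLE_NETRC = """\
machine a.example login alice password s3cret
machine b.example login bob
machine c.example
default login anonymous password guest
"""

def parse_netrc(text):
    """Parse .netrc text into a list of {'machine', 'login', 'password'} dicts.

    Assumes plain whitespace-separated tokens (no quoted values).
    """
    # Drop macro bodies: from a 'macdef' line through the next blank line.
    text = re.sub(r"(?ms)^\s*macdef\b.*?(?:\n\s*\n|\Z)", "\n", text)
    tokens = text.split()
    entries, current, i = [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "default" or (tok == "machine" and i + 1 < len(tokens)):
            name = "default" if tok == "default" else tokens[i + 1]
            current = {"machine": name, "login": None, "password": None}
            entries.append(current)
            i += 1 if tok == "default" else 2
        elif tok in ("login", "password", "account") and i + 1 < len(tokens):
            if current is not None and tok != "account":
                current[tok] = tokens[i + 1]
            i += 2  # consume the keyword together with its value
        else:
            i += 1  # unknown or dangling token
    return entries

def entries_matching_advisory(text):
    """Return (machine, reason) for entries that omit the password,
    or omit both login and password: the condition the advisory names."""
    findings = []
    for entry in parse_netrc(text):
        if entry["password"] is None:
            reason = "no password" if entry["login"] else "no login and no password"
            findings.append((entry["machine"], reason))
    return findings

if __name__ == "__main__":
    for machine, reason in entries_matching_advisory(SAMPLE_NETRC):
        print(f"{machine}: {reason}")
```

To audit a real file, pass its contents to `entries_matching_advisory`; a `default` entry is reported under the name `default`.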

Severity score breakdown

| Parameter | Value |
|---|---|
| Base score | 3.4 |
| Attack Vector | NETWORK |
| Attack complexity | HIGH |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality | LOW |
| Integrity impact | NONE |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N |

Status

| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | curl | Fixed (8.9.1-r2) |
| Alpaquita Linux | Stream | curl | Fixed (8.11.1-r0) |
