7.5

CVE-2021-22926

Exploit

EPSS 0.51%
Published 05.08.2021 21:15:11
Last modified 21.11.2024 05:50:56
Source support@hackerone.com
Teams watchlist Login
Open Login

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.

Affected products Warnungen 0 Metrics 3 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Haxx ≫ Curl Version >= 7.33.0 < 7.78.0

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows

Netapp ≫ Clustered Data Ontap Version-

Netapp ≫ Hci Management Node Version-

Netapp ≫ Oncommand Insight Version-

Netapp ≫ Oncommand Workflow Automation Version-

Netapp ≫ Snapcenter Version-

Netapp ≫ Solidfire Version-

Oracle ≫ Mysql Server Version >= 5.7.0 <= 5.7.35

Oracle ≫ Mysql Server Version >= 8.0.0 <= 8.0.26

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.57

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.59

Siemens ≫ Sinec Infrastructure Network Services Version < 1.0.1.1

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H300e Firmware Version-

Netapp ≫ H300e Version-

Netapp ≫ H500e Firmware Version-

Netapp ≫ H500e Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H700e Firmware Version-

Netapp ≫ H700e Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Splunk ≫ Universal Forwarder Version >= 8.2.0 < 8.2.12

Splunk ≫ Universal Forwarder Version >= 9.0.0 < 9.0.6

Splunk ≫ Universal Forwarder Version9.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.51%	0.654

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Patch

Third Party Advisory

https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E

Third Party Advisory

Mailing List

https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E

Third Party Advisory

Mailing List

https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E

Third Party Advisory

Mailing List

https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20211022-0003/

Third Party Advisory

https://security.gentoo.org/glsa/202212-01

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210902-0003/

Third Party Advisory

https://hackerone.com/reports/1234760

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-22926

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22926

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22926

EUVD