9.1
CVE-2023-23914
- EPSS 0.18%
- Veröffentlicht 23.02.2023 20:15:13
- Zuletzt bearbeitet 12.03.2025 19:15:35
- Quelle support@hackerone.com
- Teams Watchlist Login
- Unerledigt Login
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere
Netapp ≫ Clustered Data Ontap Version9.0 Update-
Netapp ≫ H300s Firmware Version-
Netapp ≫ H500s Firmware Version-
Netapp ≫ H700s Firmware Version-
Netapp ≫ H410s Firmware Version-
Splunk ≫ Universal Forwarder Version >= 8.2.0 < 8.2.12
Splunk ≫ Universal Forwarder Version >= 9.0.0 < 9.0.6
Splunk ≫ Universal Forwarder Version9.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.395 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.