CVE-2021-22923
First published: Mon Jul 12 2021(Updated: )
A flaw was found in curl in the way curl handles credentials when downloading content using the Metalink feature. This flaw allows malicious actors controlling a hosting server to gain access to credentials provided while downloading content without the user's knowledge. The highest threat from this vulnerability is to confidentiality.
Credit: support@hackerone.com support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/curl | <0:7.61.1-18.el8_4.1 | 0:7.61.1-18.el8_4.1 |
| redhat/curl | <0:7.61.1-12.el8_2.3 | 0:7.61.1-12.el8_2.3 |
| redhat/curl | <7.78.0 | 7.78.0 |
| curl | >=7.27.0<7.78.0 | |
| Fedoraproject Fedora | =33 | |
| Netapp Cloud Backup | ||
| NetApp Clustered Data ONTAP | ||
| Netapp Hci Management Node | ||
| Netapp Solidfire | ||
| Oracle Mysql Server | >=5.7.0<=5.7.35 | |
| Oracle Mysql Server | >=8.0.0<=8.0.26 | |
| Siemens Sinec Infrastructure Network Services | <1.0.1.1 | |
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H300e Firmware | ||
| Netapp H300e | ||
| Netapp H500e Firmware | ||
| Netapp H500e | ||
| Netapp H700e Firmware | ||
| Netapp H700e | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| All of | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| All of | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| All of | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| All of | ||
| Netapp H300e Firmware | ||
| Netapp H300e | ||
| All of | ||
| Netapp H500e Firmware | ||
| Netapp H500e | ||
| All of | ||
| Netapp H700e Firmware | ||
| Netapp H700e | ||
| All of | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
| Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
| Splunk Universal Forwarder | =9.1.0 |
Remedy
This flaw can be mitigated by upgrading the affected curl utility to version 7.78.0 or by disabling the metalink feature in your current build
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 https://curl.se/docs/CVE-2021-22923.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1981438
- https://access.redhat.com/errata/RHSA-2021:3582
- https://access.redhat.com/errata/RHSA-2021:3903
- https://access.redhat.com/security/cve/cve-2021-22923
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://hackerone.com/reports/1213181
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
- https://security.gentoo.org/glsa/202212-01
- https://security.netapp.com/advisory/ntap-20210902-0003/
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://github.com/curl/curl/commit/b5fdbe848bc3d
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1984326
- https://curl.se/docs/CVE-2021-22923.html
- https://mirrors.fedoraproject.org/metalink?repo=fedora-34&arch=x86_64
- http://mirror.karneval.cz/pub/linux/fedora/linux/releases/34/Everything/x86_64/os/repodata/repomd.xml
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1981438#c15
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
Frequently Asked Questions
What is CVE-2021-22923?
CVE-2021-22923 is a vulnerability that allows credentials to be passed to servers when using the metalink feature in curl.
Which software is affected by CVE-2021-22923?
The affected software includes Red Hat curl versions up to exclusive 7.78.0, Red Hat curl el8_4 versions up to exclusive 0:7.61.1-18.el8_4.1, and Red Hat curl el8_2 versions up to exclusive 0:7.61.1-12.el8_2. It also affects Haxx Curl versions between 7.27.0 to 7.78.0, Fedora versions 33, Netapp Cloud Backup, NetApp Clustered Data ONTAP, Netapp Hci Management Node, Netapp Solidfire, Oracle MySQL Server versions between 5.7.0 to 5.7.35 and between 8.0.0 to 8.0.26, Siemens Sinec Infrastructure Network Services up to exclusive 1.0.1.1, Apple macOS Ventura, Apple macOS Big Sur, Apple macOS Monterey, Netapp H300e Firmware, Netapp H500e Firmware, Netapp H700e Firmware, and Netapp h700e Firmware.
What is the severity rating of CVE-2021-22923?
CVE-2021-22923 has a severity rating of medium with a CVSS score of 5.7.
How can I fix CVE-2021-22923?
To fix CVE-2021-22923, you should update to the latest version of curl that includes the fix, which is version 7.78.0 or later.
Where can I find more information about CVE-2021-22923?
You can find more information about CVE-2021-22923 in the following references: [GitHub Commit](https://github.com/curl/curl/commit/b5fdbe848bc3d), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1984326), [curl.se](https://curl.se/docs/CVE-2021-22923.html)
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-22923
- agent/software-canonical-lookup
- agent/author
- agent/references
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- package-manager/redhat
- vendor/haxx
- canonical/curl
- version/curl/7.27.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp clustered data ontap
- canonical/netapp hci management node
- canonical/netapp solidfire
- vendor/oracle
- canonical/oracle mysql server
- version/oracle mysql server/5.7.0
- version/oracle mysql server/5.7.35
- version/oracle mysql server/8.0.0
- version/oracle mysql server/8.0.26
- vendor/siemens
- canonical/siemens sinec infrastructure network services
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h300e firmware
- canonical/netapp h300e
- canonical/netapp h500e firmware
- canonical/netapp h500e
- canonical/netapp h700e firmware
- canonical/netapp h700e
- canonical/netapp h410s firmware
- canonical/netapp h410s
- vendor/splunk
- canonical/splunk universal forwarder
- version/splunk universal forwarder/8.2.0
- version/splunk universal forwarder/9.0.0
- version/splunk universal forwarder/9.1.0