{ "threat_severity" : "Low", "public_date" : "2024-12-11T00:00:00Z", "bugzilla" : { "description" : "curl: curl netrc password leak", "id" : "2331191", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2331191" }, "cvss3" : { "cvss3_base_score" : "5.9", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-200", "details" : [ "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host." ], "statement" : "This issue only affects curl when a `.netrc` file is used and a redirect is performed. Additionally, the `.netrc` must match the target hostname but the followed-to host does not have a password or both login and password configured.\nExample of a vulnerable .netrc configuration:\n~~~\nmachine a.com\nlogin alice\npassword alicespassword\ndefault\nlogin bob\n~~~", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-02-19T00:00:00Z", "advisory" : "RHSA-2025:1673", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "mysql:8.0-8100020250212154709.489197e6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-02-19T00:00:00Z", "advisory" : "RHSA-2025:1671", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "mysql-0:8.0.41-2.el9_5" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "curl", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "mysql8.4", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "curl", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "mysql", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "curl", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "curl", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "curl", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat JBoss Core Services", "fix_state" : "Fix deferred", "package_name" : "jbcs-httpd24-curl", "cpe" : "cpe:/a:redhat:jboss_core_services:1" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "rhcos", "cpe" : "cpe:/a:redhat:openshift:4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-11053\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-11053\nhttps://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL" ], "name" : "CVE-2024-11053", "mitigation" : { "value" : "Avoid using the .netrc file together with redirects.", "lang" : "en:us" }, "csaw" : false }