libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HHaxx Curl
APPHaxx7.33.0 – 7.78.0 (bez)Netapp Active Iq Unified Manager
APPNetappwszystkie wersjeNetapp Clustered Data Ontap
APPNetappwszystkie wersjeNetapp H300e
HWNetappwszystkie wersjeNetapp H300e Firmware
OSNetappwszystkie wersjeNetapp H300s
HWNetappwszystkie wersjeNetapp H300s Firmware
OSNetappwszystkie wersjeNetapp H410s
HWNetappwszystkie wersjeNetapp H410s Firmware
OSNetappwszystkie wersjeNetapp H500e
HWNetappwszystkie wersjeNetapp H500e Firmware
OSNetappwszystkie wersjeNetapp H500s
HWNetappwszystkie wersjeNetapp H500s Firmware
OSNetappwszystkie wersjeNetapp H700e
HWNetappwszystkie wersjeNetapp H700e Firmware
OSNetappwszystkie wersjeNetapp H700s
HWNetappwszystkie wersjeNetapp H700s Firmware
OSNetappwszystkie wersjeNetapp Hci Management Node
APPNetappwszystkie wersjeNetapp Oncommand Insight
APPNetappwszystkie wersjeNetapp Oncommand Workflow Automation
APPNetappwszystkie wersjeNetapp Snapcenter
APPNetappwszystkie wersjeNetapp Solidfire
APPNetappwszystkie wersjeOracle MySQL Server
APPOracle8.0.0 – 8.0.265.7.0 – 5.7.35Oracle Peoplesoft Enterprise Peopletools
APPOracle8.578.588.59Siemens Sinec Infrastructure Network Services
APPSiemens< 1.0.1.1Splunk Universal Forwarder
APPSplunk9.1.08.2.0 – 8.2.12 (bez)9.0.0 – 9.0.6 (bez)
Related vulnerabilities
Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)
AMI MegaRAC SPx — zdalne ominięcie uwierzytelnienia w interfejsie Redfish BMC
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services)...