CVE-2024-11053
Publication date 11 December 2024
Last updated 16 December 2024
Ubuntu priority
When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
Why is this CVE low priority?
curl developers have rated this issue as low severity
Status
Package | Ubuntu Release | Status |
---|---|---|
curl | 24.10 oracular |
Fixed 8.9.1-2ubuntu2.2
|
24.04 LTS noble |
Fixed 8.5.0-2ubuntu10.6
|
|
22.04 LTS jammy |
Fixed 7.81.0-1ubuntu1.20
|
|
20.04 LTS focal |
Fixed 7.68.0-1ubuntu2.25
|
|
18.04 LTS bionic |
Needs evaluation
|
|
16.04 LTS xenial |
Needs evaluation
|
|
14.04 LTS trusty | Ignored end of ESM support, was needs-triage |
References
Related Ubuntu Security Notices (USN)
- USN-7162-1
- curl vulnerability
- 16 December 2024