Microsoft Windows: CVE-2022-27776: HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data
4
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
07/12/2022
07/16/2022
07/12/2022
07/22/2024
Description
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
Solution(s)
- microsoft-windows-windows_10-1809-kb5015811
- microsoft-windows-windows_10-20h2-kb5015807
- microsoft-windows-windows_10-21h1-kb5015807
- microsoft-windows-windows_10-21h2-kb5015807
- microsoft-windows-windows_11-21h2-kb5015814
- microsoft-windows-windows_server_2022-21h2-kb5015827
- microsoft-windows-windows_server_2022-22h2-kb5015827
- msft-kb5015807-51c1eea0-5bd0-4188-9068-04cc6177eb33
- msft-kb5015811-0cb1acde-c120-423c-ac3b-cbfb2900b581
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center