curl: Authentication Credential Leakage via HTTP Redirects
CVE-2024-11053 Published on December 11, 2024
netrc and redirect credential leak
When asked to both use a `.netrc` file for credentials and to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has an entry that matches
the redirect target hostname but the entry either omits just the password or
omits both login and password.
Vulnerability Analysis
CVE-2024-11053 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2024-11053. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE
Products Associated with CVE-2024-11053
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-11053 are published in these products:
Affected Versions
curl:- Version 8.11.0, <= 8.11.0 is affected.
- Version 8.10.1, <= 8.10.1 is affected.
- Version 8.10.0, <= 8.10.0 is affected.
- Version 8.9.1, <= 8.9.1 is affected.
- Version 8.9.0, <= 8.9.0 is affected.
- Version 8.8.0, <= 8.8.0 is affected.
- Version 8.7.1, <= 8.7.1 is affected.
- Version 8.7.0, <= 8.7.0 is affected.
- Version 8.6.0, <= 8.6.0 is affected.
- Version 8.5.0, <= 8.5.0 is affected.
- Version 8.4.0, <= 8.4.0 is affected.
- Version 8.3.0, <= 8.3.0 is affected.
- Version 8.2.1, <= 8.2.1 is affected.
- Version 8.2.0, <= 8.2.0 is affected.
- Version 8.1.2, <= 8.1.2 is affected.
- Version 8.1.1, <= 8.1.1 is affected.
- Version 8.1.0, <= 8.1.0 is affected.
- Version 8.0.1, <= 8.0.1 is affected.
- Version 8.0.0, <= 8.0.0 is affected.
- Version 7.88.1, <= 7.88.1 is affected.
- Version 7.88.0, <= 7.88.0 is affected.
- Version 7.87.0, <= 7.87.0 is affected.
- Version 7.86.0, <= 7.86.0 is affected.
- Version 7.85.0, <= 7.85.0 is affected.
- Version 7.84.0, <= 7.84.0 is affected.
- Version 7.83.1, <= 7.83.1 is affected.
- Version 7.83.0, <= 7.83.0 is affected.
- Version 7.82.0, <= 7.82.0 is affected.
- Version 7.81.0, <= 7.81.0 is affected.
- Version 7.80.0, <= 7.80.0 is affected.
- Version 7.79.1, <= 7.79.1 is affected.
- Version 7.79.0, <= 7.79.0 is affected.
- Version 7.78.0, <= 7.78.0 is affected.
- Version 7.77.0, <= 7.77.0 is affected.
- Version 7.76.1, <= 7.76.1 is affected.
- Version 7.76.0, <= 7.76.0 is affected.
- Version 7.75.0, <= 7.75.0 is affected.
- Version 7.74.0, <= 7.74.0 is affected.
- Version 7.73.0, <= 7.73.0 is affected.
- Version 7.72.0, <= 7.72.0 is affected.
- Version 7.71.1, <= 7.71.1 is affected.
- Version 7.71.0, <= 7.71.0 is affected.
- Version 7.70.0, <= 7.70.0 is affected.
- Version 7.69.1, <= 7.69.1 is affected.
- Version 7.69.0, <= 7.69.0 is affected.
- Version 7.68.0, <= 7.68.0 is affected.
- Version 7.67.0, <= 7.67.0 is affected.
- Version 7.66.0, <= 7.66.0 is affected.
- Version 7.65.3, <= 7.65.3 is affected.
- Version 7.65.2, <= 7.65.2 is affected.
- Version 7.65.1, <= 7.65.1 is affected.
- Version 7.65.0, <= 7.65.0 is affected.
- Version 7.64.1, <= 7.64.1 is affected.
- Version 7.64.0, <= 7.64.0 is affected.
- Version 7.63.0, <= 7.63.0 is affected.
- Version 7.62.0, <= 7.62.0 is affected.
- Version 7.61.1, <= 7.61.1 is affected.
- Version 7.61.0, <= 7.61.0 is affected.
- Version 7.60.0, <= 7.60.0 is affected.
- Version 7.59.0, <= 7.59.0 is affected.
- Version 7.58.0, <= 7.58.0 is affected.
- Version 7.57.0, <= 7.57.0 is affected.
- Version 7.56.1, <= 7.56.1 is affected.
- Version 7.56.0, <= 7.56.0 is affected.
- Version 7.55.1, <= 7.55.1 is affected.
- Version 7.55.0, <= 7.55.0 is affected.
- Version 7.54.1, <= 7.54.1 is affected.
- Version 7.54.0, <= 7.54.0 is affected.
- Version 7.53.1, <= 7.53.1 is affected.
- Version 7.53.0, <= 7.53.0 is affected.
- Version 7.52.1, <= 7.52.1 is affected.
- Version 7.52.0, <= 7.52.0 is affected.
- Version 7.51.0, <= 7.51.0 is affected.
- Version 7.50.3, <= 7.50.3 is affected.
- Version 7.50.2, <= 7.50.2 is affected.
- Version 7.50.1, <= 7.50.1 is affected.
- Version 7.50.0, <= 7.50.0 is affected.
- Version 7.49.1, <= 7.49.1 is affected.
- Version 7.49.0, <= 7.49.0 is affected.
- Version 7.48.0, <= 7.48.0 is affected.
- Version 7.47.1, <= 7.47.1 is affected.
- Version 7.47.0, <= 7.47.0 is affected.
- Version 7.46.0, <= 7.46.0 is affected.
- Version 7.45.0, <= 7.45.0 is affected.
- Version 7.44.0, <= 7.44.0 is affected.
- Version 7.43.0, <= 7.43.0 is affected.
- Version 7.42.1, <= 7.42.1 is affected.
- Version 7.42.0, <= 7.42.0 is affected.
- Version 7.41.0, <= 7.41.0 is affected.
- Version 7.40.0, <= 7.40.0 is affected.
- Version 7.39.0, <= 7.39.0 is affected.
- Version 7.38.0, <= 7.38.0 is affected.
- Version 7.37.1, <= 7.37.1 is affected.
- Version 7.37.0, <= 7.37.0 is affected.
- Version 7.36.0, <= 7.36.0 is affected.
- Version 7.35.0, <= 7.35.0 is affected.
- Version 7.34.0, <= 7.34.0 is affected.
- Version 7.33.0, <= 7.33.0 is affected.
- Version 7.32.0, <= 7.32.0 is affected.
- Version 7.31.0, <= 7.31.0 is affected.
- Version 7.30.0, <= 7.30.0 is affected.
- Version 7.29.0, <= 7.29.0 is affected.
- Version 7.28.1, <= 7.28.1 is affected.
- Version 7.28.0, <= 7.28.0 is affected.
- Version 7.27.0, <= 7.27.0 is affected.
- Version 7.26.0, <= 7.26.0 is affected.
- Version 7.25.0, <= 7.25.0 is affected.
- Version 7.24.0, <= 7.24.0 is affected.
- Version 7.23.1, <= 7.23.1 is affected.
- Version 7.23.0, <= 7.23.0 is affected.
- Version 7.22.0, <= 7.22.0 is affected.
- Version 7.21.7, <= 7.21.7 is affected.
- Version 7.21.6, <= 7.21.6 is affected.
- Version 7.21.5, <= 7.21.5 is affected.
- Version 7.21.4, <= 7.21.4 is affected.
- Version 7.21.3, <= 7.21.3 is affected.
- Version 7.21.2, <= 7.21.2 is affected.
- Version 7.21.1, <= 7.21.1 is affected.
- Version 7.21.0, <= 7.21.0 is affected.
- Version 7.20.1, <= 7.20.1 is affected.
- Version 7.20.0, <= 7.20.0 is affected.
- Version 7.19.7, <= 7.19.7 is affected.
- Version 7.19.6, <= 7.19.6 is affected.
- Version 7.19.5, <= 7.19.5 is affected.
- Version 7.19.4, <= 7.19.4 is affected.
- Version 7.19.3, <= 7.19.3 is affected.
- Version 7.19.2, <= 7.19.2 is affected.
- Version 7.19.1, <= 7.19.1 is affected.
- Version 7.19.0, <= 7.19.0 is affected.
- Version 7.18.2, <= 7.18.2 is affected.
- Version 7.18.1, <= 7.18.1 is affected.
- Version 7.18.0, <= 7.18.0 is affected.
- Version 7.17.1, <= 7.17.1 is affected.
- Version 7.17.0, <= 7.17.0 is affected.
- Version 7.16.4, <= 7.16.4 is affected.
- Version 7.16.3, <= 7.16.3 is affected.
- Version 7.16.2, <= 7.16.2 is affected.
- Version 7.16.1, <= 7.16.1 is affected.
- Version 7.16.0, <= 7.16.0 is affected.
- Version 7.15.5, <= 7.15.5 is affected.
- Version 7.15.4, <= 7.15.4 is affected.
- Version 7.15.3, <= 7.15.3 is affected.
- Version 7.15.2, <= 7.15.2 is affected.
- Version 7.15.1, <= 7.15.1 is affected.
- Version 7.15.0, <= 7.15.0 is affected.
- Version 7.14.1, <= 7.14.1 is affected.
- Version 7.14.0, <= 7.14.0 is affected.
- Version 7.13.2, <= 7.13.2 is affected.
- Version 7.13.1, <= 7.13.1 is affected.
- Version 7.13.0, <= 7.13.0 is affected.
- Version 7.12.3, <= 7.12.3 is affected.
- Version 7.12.2, <= 7.12.2 is affected.
- Version 7.12.1, <= 7.12.1 is affected.
- Version 7.12.0, <= 7.12.0 is affected.
- Version 7.11.2, <= 7.11.2 is affected.
- Version 7.11.1, <= 7.11.1 is affected.
- Version 7.11.0, <= 7.11.0 is affected.
- Version 7.10.8, <= 7.10.8 is affected.
- Version 7.10.7, <= 7.10.7 is affected.
- Version 7.10.6, <= 7.10.6 is affected.
- Version 7.10.5, <= 7.10.5 is affected.
- Version 7.10.4, <= 7.10.4 is affected.
- Version 7.10.3, <= 7.10.3 is affected.
- Version 7.10.2, <= 7.10.2 is affected.
- Version 7.10.1, <= 7.10.1 is affected.
- Version 7.10, <= 7.10 is affected.
- Version 7.9.8, <= 7.9.8 is affected.
- Version 7.9.7, <= 7.9.7 is affected.
- Version 7.9.6, <= 7.9.6 is affected.
- Version 7.9.5, <= 7.9.5 is affected.
- Version 7.9.4, <= 7.9.4 is affected.
- Version 7.9.3, <= 7.9.3 is affected.
- Version 7.9.2, <= 7.9.2 is affected.
- Version 7.9.1, <= 7.9.1 is affected.
- Version 7.9, <= 7.9 is affected.
- Version 7.8.1, <= 7.8.1 is affected.
- Version 7.8, <= 7.8 is affected.
- Version 7.7.3, <= 7.7.3 is affected.
- Version 7.7.2, <= 7.7.2 is affected.
- Version 7.7.1, <= 7.7.1 is affected.
- Version 7.7, <= 7.7 is affected.
- Version 7.6.1, <= 7.6.1 is affected.
- Version 7.6, <= 7.6 is affected.
- Version 7.5.2, <= 7.5.2 is affected.
- Version 7.5.1, <= 7.5.1 is affected.
- Version 7.5, <= 7.5 is affected.
- Version 7.4.2, <= 7.4.2 is affected.
- Version 7.4.1, <= 7.4.1 is affected.
- Version 7.4, <= 7.4 is affected.
- Version 7.3, <= 7.3 is affected.
- Version 7.2.1, <= 7.2.1 is affected.
- Version 7.2, <= 7.2 is affected.
- Version 7.1.1, <= 7.1.1 is affected.
- Version 7.1, <= 7.1 is affected.
- Version 6.5.2, <= 6.5.2 is affected.
- Version 6.5.1, <= 6.5.1 is affected.
- Version 6.5, <= 6.5 is affected.
Exploit Probability
EPSS
0.95%
Percentile
76.08%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.