CVE-2022-30115

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-325
View all →

Vulnerability Description

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.

Related Vulnerabilities

CVE-2017-2598

MEDIUM
CVSS:4.3(Medium)

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

CWE-3252017

CVE-2017-2600

MEDIUM
CVSS:4.3(Medium)

In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURIT...

CWE-3252017

CVE-2025-5323

MEDIUM
CVSS:3.7(Low)

A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event...

CWE-3252025

CVE-2017-2603

LOW
CVSS:3.5(Low)

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).

CWE-3252017

CVE-2020-10702

MEDIUM
CVSS:5.5(Medium)

A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation...

CWE-3252020