CVE-2022-32207

CRITICAL
Year: 2022
CVSS v3 Score: 9.8 (Critical)
CVSS v2 Score: 7.5 (High)

Vulnerability Description

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.

CVSS:9.4(Critical)

Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.

CVSS:9.0(Critical)

Business Logic Errors in GitHub repository erudika/para prior to 1.45.11.

CVSS:8.8(High)

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is ...

CVSS:8.8(High)

Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permission...

CVSS:8.8(High)

Host header injection in password reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.

CVSS:8.8(High)

The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted fu...