How severe is CVE-2023-23914?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2023-23914?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2023-23914 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.

Related Vulnerabilities

CVE-2018-6017

CRITICAL

CVSS:9.1(Critical)

Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic.

CWE-3192018

CVE-2018-6018

CRITICAL

CVSS:9.1(Critical)

Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic.

CWE-3192018

CVE-2019-17218

CRITICAL

CVSS:9.1(Critical)

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to inte...

CWE-3192019

CVE-2020-5885

CRITICAL

CVSS:9.1(Critical)

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic obj...

CWE-3192020

CVE-2020-5886

CRITICAL

CVSS:9.1(Critical)

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic obj...

CWE-3192020

CVE-2021-22380

CRITICAL

CVSS:9.1(Critical)

There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability.

CWE-3192021