cvelist/2022/32xxx/CVE-2022-32207.json

{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-32207",
        "ASSIGNER": "support@hackerone.com",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "n/a",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "https://github.com/curl/curl",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "Fixed in 7.84.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Business Logic Errors (CWE-840)"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "name": "https://hackerone.com/reports/1573634",
                "url": "https://hackerone.com/reports/1573634"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-1b3d7f6973",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
            },
            {
                "refsource": "DEBIAN",
                "name": "DSA-5197",
                "url": "https://www.debian.org/security/2022/dsa-5197"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://security.netapp.com/advisory/ntap-20220915-0003/",
                "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://support.apple.com/kb/HT213488",
                "url": "https://support.apple.com/kb/HT213488"
            },
            {
                "refsource": "FULLDISC",
                "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
                "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
            },
            {
                "refsource": "FULLDISC",
                "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
                "url": "http://seclists.org/fulldisclosure/2022/Oct/28"
            },
            {
                "refsource": "GENTOO",
                "name": "GLSA-202212-01",
                "url": "https://security.gentoo.org/glsa/202212-01"
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended."
            }
        ]
    }
}
"-Synchronized-Data." 2022-06-02 13:46:07 +00:00			`{`
			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2022-32207",`
"-Synchronized-Data." 2022-07-07 13:00:44 +00:00			`"ASSIGNER": "support@hackerone.com",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "n/a",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "https://github.com/curl/curl",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "Fixed in 7.84.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Business Logic Errors (CWE-840)"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "MISC",`
			`"name": "https://hackerone.com/reports/1573634",`
			`"url": "https://hackerone.com/reports/1573634"`
"-Synchronized-Data." 2022-07-15 03:00:45 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-1b3d7f6973",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"`
"-Synchronized-Data." 2022-08-02 03:00:50 +00:00			`},`
			`{`
			`"refsource": "DEBIAN",`
			`"name": "DSA-5197",`
			`"url": "https://www.debian.org/security/2022/dsa-5197"`
"-Synchronized-Data." 2022-09-15 18:00:36 +00:00			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://security.netapp.com/advisory/ntap-20220915-0003/",`
			`"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"`
"-Synchronized-Data." 2022-10-25 21:00:35 +00:00			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://support.apple.com/kb/HT213488",`
			`"url": "https://support.apple.com/kb/HT213488"`
"-Synchronized-Data." 2022-10-30 23:00:32 +00:00			`},`
			`{`
			`"refsource": "FULLDISC",`
			`"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",`
			`"url": "http://seclists.org/fulldisclosure/2022/Oct/41"`
"-Synchronized-Data." 2022-12-19 04:00:41 +00:00			`},`
			`{`
			`"refsource": "FULLDISC",`
			`"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",`
			`"url": "http://seclists.org/fulldisclosure/2022/Oct/28"`
			`},`
			`{`
			`"refsource": "GENTOO",`
			`"name": "GLSA-202212-01",`
			`"url": "https://security.gentoo.org/glsa/202212-01"`
"-Synchronized-Data." 2022-07-07 13:00:44 +00:00			`}`
			`]`
"-Synchronized-Data." 2022-06-02 13:46:07 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-07-07 13:00:44 +00:00			`"value": "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended."`
"-Synchronized-Data." 2022-06-02 13:46:07 +00:00			`}`
			`]`
			`}`
			`}`