64 lines
2.4 KiB
JSON
Raw Normal View History

{
"id": "CVE-2025-0167",
"sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
"published": "2025-02-05T10:15:22.710",
"lastModified": "2025-03-07T01:15:12.110",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When asked to use a `.netrc` file for credentials **and** to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has a `default` entry that\nomits both login and password. A rare circumstance."
},
{
"lang": "es",
"value": "Cuando se le pide que use un archivo `.netrc` para las credenciales **y** para seguir redirecciones HTTP, curl podr\u00eda filtrar la contrase\u00f1a utilizada para el primer host al host siguiente en determinadas circunstancias. Esta falla solo se manifiesta si el archivo netrc tiene una entrada `default` que omite tanto el nombre de usuario como la contrase\u00f1a. Una circunstancia poco com\u00fan."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"baseScore": 3.4,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://curl.se/docs/CVE-2025-0167.html",
"source": "2499f714-1537-4658-8207-48ae4bb9eae9"
},
{
"url": "https://curl.se/docs/CVE-2025-0167.json",
"source": "2499f714-1537-4658-8207-48ae4bb9eae9"
},
{
"url": "https://hackerone.com/reports/2917232",
"source": "2499f714-1537-4658-8207-48ae4bb9eae9"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250306-0008/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://curl.se/docs/CVE-2025-0167.html",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}