Home > Vulnerability Database > CVE-2023-23914

Mend.io Vulnerability Database

CVE-2023-23914

Good to know:

Date: February 22, 2023

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.

Language: C

Severity Score

9.1

Related Resources (8)

Url: https://security-tracker.debian.org/tracker/CVE-2023-23914

Url: https://security.netapp.com/advisory/ntap-20230309-0006/

Url: https://seclists.org/oss-sec/2023/q1/98

Url: https://hackerone.com/reports/1813864

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-23914

Url: https://github.com/curl/curl/commit/076a2f629119222aeeb50f5a03bf9f9052fabb9a

Url: https://security.gentoo.org/glsa/202310-12

Url: https://www.mend.io/vulnerability-database/CVE-2023-23914

Severity Score

9.1

Weakness Type (CWE)

Cleartext Transmission of Sensitive Information

CWE-319

Top Fix

Upgrade Version

Upgrade to version curl-7_88_0

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-23914

Good to know:

Date: February 22, 2023

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?