Authentication Bypass by Primary Weakness

CVE-2023-27536

High

9.8/10

Summary

An authentication bypass vulnerability exists libcurl 7.22.0 through 7.88.1 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the "CURLOPT_GSSAPI_DELEGATION" option. This vulnerability affects "krb5/kerberos/negotiate/GSSAPI" transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the "CURLOPT_GSSAPI_DELEGATION" option has been changed.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-305 - Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

References

Advisory Timeline

Published Mar 30, 2023

Authentication Bypass by Primary Weakness

CVE-2023-27536

Summary

CWE-305 - Authentication Bypass by Primary Weakness

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS