An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2023-03-30T00:00:00
Updated: 2024-08-02T12:16:35.616Z
Reserved: 2023-03-02T00:00:00
Link: CVE-2023-27536
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-03-30T20:15:07.547
Modified: 2024-11-21T07:53:07.250
Link: CVE-2023-27536
Redhat