CVE-2023-28322 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2023-28322?

CVE-2023-28322 is a low-severity information disclosure vulnerability affecting systems using curl versions prior to 8.1.0 for HTTP(S) transfers. This vulnerability impacts various operating systems and software configurations, including macOS Ventura, macOS Monterey, and others. The issue arises when the same handle is used for both PUT and POST requests, potentially leading to unintended data exposure. Users are advised to update their curl installations to mitigate the risk associated with this vulnerability.

Who is impacted by this?

The CVE-2023-28322 vulnerability affects users of curl versions prior to 8.1.0, specifically those using libcurl versions 7.7 to 8.0.1 for HTTP(S) transfers. Additionally, macOS Ventura and macOS Monterey 12.6.8 users are impacted by this information disclosure vulnerability. In essence, this issue can lead to unintended data exposure when the same handle is used for both PUT and POST requests.

What to do if CVE-2023-28322 affected you

If you're affected by the CVE-2023-28322 vulnerability, it's crucial to update your curl installation to version 8.1.0 or later. For macOS users, update to macOS Ventura 13.5 or macOS Monterey 12.6.8, which address this issue. Regularly check for software updates and apply them promptly to keep your system secure.
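To see which hosts still need that update, the check below classifies the first line of `curl --version` against the libcurl range this page gives as affected (7.7 through 8.0.1). It is an added example, not code from Twingate or the curl project; the function names and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example. Affected range (libcurl 7.7 through 8.0.1) is taken from this page.

# Turn MAJOR.MINOR[.PATCH] into one integer so versions compare numerically.
ver_to_int() {
    printf '%s\n' "$1" | awk -F. '
        /^[0-9]+\.[0-9]+(\.[0-9]+)?/ { printf "%d\n", $1*1000000 + $2*1000 + $3; ok = 1 }
        END { exit !ok }'
}

# Pull the library version out of the first line of `curl --version`.
# It can differ from the tool version when curl links another libcurl.
libcurl_version() {
    printf '%s\n' "$1" | sed -n 's/.*libcurl\/\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Print affected / not-affected / unknown for one banner line.
check_banner() {
    lib=$(libcurl_version "$1")
    n=$(ver_to_int "$lib") || { echo unknown; return 2; }
    lo=$(ver_to_int 7.7)
    hi=$(ver_to_int 8.0.1)
    if [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
        echo affected
        return 0
    fi
    echo not-affected
    return 1
}

# Constructed sample banners (not captured from real hosts).
while IFS= read -r banner; do
    printf '%-14s %s\n' "$(check_banner "$banner")" "$banner"
done <<'EOF'
curl 8.0.1 (x86_64-pc-linux-gnu) libcurl/8.0.1 OpenSSL/3.0.8 zlib/1.2.13
curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/7.88.1 OpenSSL/3.0.11
curl 8.1.0 (x86_64-apple-darwin22.0) libcurl/8.1.0 (SecureTransport)
EOF
```

On a host, pass `"$(curl --version | head -n 1)"` to `check_banner`. A match is a triage signal only, since vendor packages can carry a backported fix under an unchanged version string.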

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-28322 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This low-severity information disclosure issue affects curl versions prior to 8.1.0 and certain macOS systems. To address the vulnerability, users should update their curl installation to version 8.1.0 or later and macOS users should update to macOS Ventura 13.5 or macOS Monterey 12.6.8.

Weakness Enumeration

This vulnerability is categorized as CWE-200, which covers exposure of sensitive information to an unauthorized actor.

Learn More

For more information about the CVE-2023-28322 vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
