CVE-2022-27774: 
Splunk Forwarder vulnerability analysis and mitigation

CVE-2022-27774 is an insufficiently protected credentials vulnerability affecting curl versions 4.9 through 7.82.0. The vulnerability was discovered by Harry Sintonen and disclosed on April 27, 2022. The flaw exists in curl's handling of credentials during HTTP(S) redirects, where the 'same host check' functionality was improperly implemented (Curl Advisory).

The vulnerability stems from a flaw in curl's credential protection mechanism during redirect handling. When curl follows redirects from auth-protected HTTP(S) URLs to other protocols and port numbers, it incorrectly leaks credentials to other servers. The issue affects the 'same host check' functionality, which fails to properly handle cross-protocol redirects and doesn't consider different port numbers as separate hosts. The vulnerability has been assigned a CVSS score of 5.7 (Medium) with a vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N (NetApp Advisory).

When exploited, this vulnerability could lead to the disclosure of sensitive authentication credentials to unauthorized servers. The flaw could expose user credentials and TLS SRP credentials when following redirects from authenticated HTTP(S) URLs to different protocols or port numbers (Curl Advisory).

The vulnerability was fixed in curl version 7.83.0. Users are recommended to upgrade to this version or later. For those unable to upgrade immediately, the recommended workaround is to switch off curl's automatic redirect following. Two separate patches were provided: the main fix and an SRP follow-up patch (Curl Advisory).