CVE-2023-23914: 
Splunk Forwarder vulnerability analysis and mitigation

A cleartext transmission of sensitive information vulnerability (CVE-2023-23914) was discovered in curl versions 7.77.0 through 7.87.0. The vulnerability affects curl's HSTS (HTTP Strict Transport Security) functionality, which fails when multiple URLs are requested serially. This issue was introduced in curl 7.77.0 and was fixed in version 7.88.0, released on February 15, 2023 (Curl Advisory).

The vulnerability occurs when curl's HSTS support is enabled and multiple URLs are requested serially. The HSTS state is not properly carried between transfers on the same command line, causing the HSTS mechanism to be ignored by subsequent transfers. This is specifically a curl command line issue and does not affect libcurl. The vulnerability has been assigned CWE-319: Cleartext Transmission of Sensitive Information, with a CVSS score of 9.1 (CRITICAL) (Oracle Bulletin, Curl Advisory).

When exploited, this vulnerability could lead to the disclosure of sensitive information and integrity issues, as subsequent requests may not enforce HTTPS as intended by HSTS policies. The vulnerability allows potential attackers to intercept and view data that should have been transmitted securely over HTTPS (NetApp Advisory).

The primary mitigation is to upgrade curl to version 7.88.0 or later, which properly shares the HSTS state between transfers. Alternative workarounds include specifying all URLs with HTTPS:// instead of HTTP:// or applying the patch to local versions (Curl Advisory).