CVE-2023-27538: 
MySQL vulnerability analysis and mitigation

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings (CURLOPTSSHPUBLICKEYFILE and CURLOPTSSHPRIVATEKEYFILE) were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. This flaw was initially introduced in curl 7.16.1 (Curl Docs).

The vulnerability affects libcurl versions from 7.16.1 to 7.88.1. The issue stems from the connection pooling mechanism where previously used connections are kept for reuse if they match the current setup. The vulnerability specifically relates to two SSH settings that were not properly checked during connection matching. The CVSS v3.1 base score is 5.5 (MEDIUM) with a vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This vulnerability is classified as CWE-305: Authentication Bypass by Primary Weakness and is partially identical to CVE-2022-27782 (NVD, NetApp Advisory).

The vulnerability could lead to the reuse of an inappropriate connection, potentially resulting in unauthorized access to sensitive information. The severity is considered Low to Medium, as it affects only two options that rarely change with the expectation that the user is different (Curl Docs).

The vulnerability has been fixed in curl version 8.0.0. Users are recommended to upgrade to this version or later. For systems that cannot be immediately upgraded, avoiding SCP and SFTP transfers can serve as a temporary workaround (Debian LTS, Gentoo Advisory).