How severe is CVE-2022-27779?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-27779?

This is classified as CWE-201, which is a common weakness in software security.

CVE-2022-27779

MEDIUM Year: 2022

CVSS v3 Score

5.3

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-201

View all →

Vulnerability Description

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.

CVE-2020-25703

MEDIUM

CVSS:5.3(Medium)

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. T...

CWE-2012020

CVE-2021-1129

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security App...

CWE-2012021

CVE-2023-3102

MEDIUM

CVSS:5.3(Medium)

A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to title...

CWE-2012023

CVE-2023-34968

MEDIUM

CVSS:5.3(Medium)

A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries...

CWE-2012023

CVE-2023-38013

MEDIUM

CVSS:5.3(Medium)

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that co...

CWE-2012023

CVE-2023-3949

MEDIUM

CVSS:5.3(Medium)

An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was pos...

CWE-2012023

CVE-2022-27779

Vulnerability Description

Related Vulnerabilities

CVE-2020-25703

CVE-2021-1129

CVE-2023-3102

CVE-2023-34968

CVE-2023-38013

CVE-2023-3949