CVE-2022-32207 Information
Jul 08, 2022
cve
Description
When curl < 7.84.0 saves cookies alt-svc and hsts data to local files it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation it might accidentally widen the permissions for the target file leaving the updated file accessible to more users than intended.
Reference
https://hackerone.com/reports/1573634 When curl < 7.84.0 saves cookies alt-svc and hsts data to local files it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation it might accidentally widen the permissions for the target file leaving the updated file accessible to more users than intended.
Share on: