{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T07:11:11.049","vulnerabilities":[{"cve":{"id":"CVE-2023-27535","sourceIdentifier":"support@hackerone.com","published":"2023-03-30T20:15:07.483","lastModified":"2025-06-09T15:15:28.903","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-305"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.13.0","versionEndIncluding":"7.88.1","matchCriteriaId":"9C599258-A578-454A-BB51-AC2B5C4BE0A8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","matchCriteriaId":"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:*","matchCriteriaId":"AD886814-B4A0-4764-9F08-2060601D8E89"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6770B6C3-732E-4E22-BF1C-2D2FD610061C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*","matchCriteriaId":"9F9C8C20-42EB-4AB5-BD97-212DEB070C43"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7FFF7106-ED78-49BA-9EC5-B889E3685D53"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","matchCriteriaId":"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"56409CEC-5A1E-4450-AA42-641E459CC2AF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","matchCriteriaId":"B06F4839-D16A-4A61-9BB5-55B13F41E47F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D0B4AD8A-F172-4558-AEC6-FF424BA2D912"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","matchCriteriaId":"8497A4C9-8474-4A62-8331-3FE862ED4098"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.12","matchCriteriaId":"5722E753-75DE-4944-A11B-556CB299B57D"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.6","matchCriteriaId":"DC0F9351-81A4-4FEA-B6B5-6E960A933D32"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*","matchCriteriaId":"EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"}]}]}],"references":[{"url":"https://hackerone.com/reports/1892780","source":"support@hackerone.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/","source":"support@hackerone.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202310-12","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20230420-0010/","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/1892780","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202310-12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20230420-0010/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}