Early Access — Mondoo Vulnerability Intelligence is currently in preview.
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare circumstance.
7.79.1.08.1.2.0Exploitability
AV:NAC:HPR:NUI:NScope
S:UImpact
C:LI:NA:NCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N