This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fedoraproject
  • Fedora
Haxx
  • Curl
Redhat
  • Enterprise Linux
  • Jboss Core Services
  • Logging
  • Openshift Data Foundation
  • Rhel Eus

Configuration 1 [-]

cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Package CPE Advisory Released Date
JBoss Core Services for RHEL 8
jbcs-httpd24-curl-0:8.6.0-3.el8jbcs cpe:/a:redhat:jboss_core_services:1::el8 RHSA-2024:1316 2024-03-18T00:00:00Z
JBoss Core Services on RHEL 7
jbcs-httpd24-curl-0:8.6.0-3.el7jbcs cpe:/a:redhat:jboss_core_services:1::el7 RHSA-2024:1316 2024-03-18T00:00:00Z
Red Hat Enterprise Linux 8
curl-0:7.61.1-33.el8_9.5 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:1601 2024-04-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
curl-0:7.61.1-22.el8_6.12 cpe:/o:redhat:rhel_eus:8.6 RHSA-2024:0428 2024-01-25T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
curl-0:7.61.1-30.el8_8.9 cpe:/o:redhat:rhel_eus:8.8 RHSA-2024:0585 2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9
curl-0:7.76.1-26.el9_3.3 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:1129 2024-03-05T00:00:00Z
curl-0:7.76.1-26.el9_3.3 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:1129 2024-03-05T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
curl-0:7.76.1-14.el9_0.11 cpe:/a:redhat:rhel_eus:9.0 RHSA-2024:0434 2024-01-25T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
curl-0:7.76.1-23.el9_2.6 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:0452 2024-01-25T00:00:00Z
RHODF-4.15-RHEL-9
odf4/cephcsi-rhel9:v4.15.0-37 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/mcg-core-rhel9:v4.15.0-68 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/mcg-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/mcg-rhel9-operator:v4.15.0-39 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-client-console-rhel9:v4.15.0-58 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-client-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-client-rhel9-operator:v4.15.0-13 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-metrics-exporter-rhel9:v4.15.0-81 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-rhel9-operator:v4.15.0-79 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-cli-rhel9:v4.15.0-22 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-console-rhel9:v4.15.0-57 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-cosi-sidecar-rhel9:v4.15.0-6 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-csi-addons-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-csi-addons-rhel9-operator:v4.15.0-15 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-csi-addons-sidecar-rhel9:v4.15.0-15 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.15.0-54 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-multicluster-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-multicluster-rhel9-operator:v4.15.0-10 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-must-gather-rhel9:v4.15.0-26 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-rhel9-operator:v4.15.0-19 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odr-cluster-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odr-hub-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odr-rhel9-operator:v4.15.0-21 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/rook-ceph-rhel9-operator:v4.15.0-103 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
RHOL-5.6-RHEL-8
openshift-logging/cluster-logging-operator-bundle:v5.6.18-16 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/cluster-logging-rhel8-operator:v5.6.18-7 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/elasticsearch6-rhel8:v6.8.1-409 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.6.18-16 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-481 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-rhel8-operator:v5.6.18-7 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/eventrouter-rhel8:v0.4.0-246 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/fluentd-rhel8:v1.14.6-216 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/kibana6-rhel8:v6.8.1-430 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-226 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/logging-curator5-rhel8:v5.8.1-472 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/logging-loki-rhel8:v2.9.6-16 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/logging-view-plugin-rhel8:v5.6.18-3 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/loki-operator-bundle:v5.6.18-30 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/loki-rhel8-operator:v5.6.18-12 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/lokistack-gateway-rhel8:v0.1.0-528 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/opa-openshift-rhel8:v0.1.0-226 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
openshift-logging/vector-rhel8:v0.21.0-127 cpe:/a:redhat:logging:5.6::el8 RHSA-2024:2092 2024-05-01T00:00:00Z
RHOL-5.7-RHEL-8
openshift-logging/cluster-logging-operator-bundle:v5.7.13-16 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/cluster-logging-rhel8-operator:v5.7.13-7 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/elasticsearch6-rhel8:v6.8.1-408 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.7.13-19 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-480 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-rhel8-operator:v5.7.13-9 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/eventrouter-rhel8:v0.4.0-248 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/fluentd-rhel8:v1.14.6-215 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/kibana6-rhel8:v6.8.1-431 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-228 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/logging-curator5-rhel8:v5.8.1-471 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/logging-loki-rhel8:v2.9.6-15 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/logging-view-plugin-rhel8:v5.7.13-3 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/loki-operator-bundle:v5.7.13-27 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/loki-rhel8-operator:v5.7.13-12 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/lokistack-gateway-rhel8:v0.1.0-527 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/opa-openshift-rhel8:v0.1.0-225 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
openshift-logging/vector-rhel8:v0.28.1-57 cpe:/a:redhat:logging:5.7::el8 RHSA-2024:2093 2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9
openshift-logging/cluster-logging-operator-bundle:v5.8.6-22 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/cluster-logging-rhel9-operator:v5.8.6-11 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/elasticsearch6-rhel9:v6.8.1-407 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.8.6-19 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-479 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/elasticsearch-rhel9-operator:v5.8.6-7 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/eventrouter-rhel9:v0.4.0-247 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/fluentd-rhel9:v5.8.6-5 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-227 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/logging-curator5-rhel9:v5.8.1-470 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/logging-loki-rhel9:v2.9.6-14 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/logging-view-plugin-rhel9:v5.8.6-2 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/loki-operator-bundle:v5.8.6-24 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/loki-rhel9-operator:v5.8.6-10 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/lokistack-gateway-rhel9:v0.1.0-525 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/opa-openshift-rhel9:v0.1.0-224 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
openshift-logging/vector-rhel9:v0.28.1-56 cpe:/a:redhat:logging:5.8::el9 RHSA-2024:2094 2024-05-01T00:00:00Z
Text-Only JBCS
curl cpe:/a:redhat:jboss_core_services:1 RHSA-2024:1317 2024-03-18T00:00:00Z
References
Link Providers
https://curl.se/docs/CVE-2023-46218.html cve-icon cve-icon cve-icon
https://hackerone.com/reports/2212193 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-46218 cve-icon
https://security.netapp.com/advisory/ntap-20240125-0007/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-46218 cve-icon
https://www.debian.org/security/2023/dsa-5587 cve-icon cve-icon
History

Thu, 13 Feb 2025 17:30:00 +0000

Type Values Removed Values Added
Description This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2025-02-13T17:14:19.396Z

Reserved: 2023-10-19T01:00:12.854Z

Link: CVE-2023-46218

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-07T01:15:07.160

Modified: 2025-02-13T18:15:33.843

Link: CVE-2023-46218

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-12-06T07:00:00Z

Links: CVE-2023-46218 - Bugzilla