When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the redirect target under certain circumstances.

This flaw only manifests itself if the `.netrc` file contains an entry that matches the redirect target hostname (either a `machine` entry for that host or the catch-all `default` entry) but that entry omits the password, or omits both login and password. In that case the password already in use for the first transfer is not cleared when the redirect is followed, so it is sent on to the second host together with whatever login the matching entry supplies.

A curl transfer to `a.com` that redirects to `b.com`, using a `.netrc` like the one below (the `default` entry matches `b.com` but specifies no password), would make curl send `alicespassword` as the password in the second transfer, to the separate host `b.com`:

~~~
machine a.com
login alice
password alicespassword

default
login bob
~~~

Until a fixed build is installed, the practical workarounds are to avoid combining `--netrc`/`-n` with `-L` (or `--location`), or to make sure every entry in the `.netrc`, including `default`, carries its own explicit password.
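The leak is easiest to see with a small model of the flow. The following is an added example written for this page, not curl's source code: it uses a toy `.netrc` parser (`parse_netrc`) and two lookup strategies, `lookup_leaky`, which reproduces the behaviour the advisory describes by letting credential slots survive from one redirect hop to the next, and `lookup_fixed`, which resets them per host. The sample `.netrc` is constructed from the advisory's example; the function names and the exact mechanism (a shared credential object reused across hops) are assumptions made for the demonstration.

```python
"""Model of the .netrc-plus-redirect password leak described above.

Constructed example for this page, not curl's source code. The credential
reuse mechanism is an assumption made to illustrate the advisory's text.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample .netrc, mirroring the advisory's example: a complete
# entry for a.com and a catch-all "default" entry with a login but no password.
SAMPLE_NETRC = """\
machine a.com
login alice
password alicespassword

default
login bob
"""

Entry = Dict[str, str]
Netrc = Tuple[Dict[str, Entry], Optional[Entry]]


def parse_netrc(text: str) -> Netrc:
    """Tokenize a .netrc file into (machines, default).

    Simplified parser for this example: handles 'machine', 'default',
    'login', 'password' and 'account'; 'macdef' blocks are not supported.
    """
    machines: Dict[str, Entry] = {}
    default: Optional[Entry] = None
    current: Optional[Entry] = None
    tokens = text.split()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "machine":
            current = {}
            machines[tokens[i + 1]] = current
            i += 2
        elif tok == "default":
            current = {}
            default = current
            i += 1
        elif tok in ("login", "password", "account") and current is not None:
            current[tok] = tokens[i + 1]
            i += 2
        else:
            raise ValueError(f"unexpected .netrc token {tok!r} at position {i}")
    return machines, default


@dataclass
class Creds:
    """Credential slots that, in the flawed flow, outlive a single transfer."""
    login: Optional[str] = None
    password: Optional[str] = None


def lookup_leaky(host: str, netrc: Netrc, creds: Creds) -> Creds:
    """Flawed lookup (assumed mechanism): a slot is only overwritten when the
    matching entry supplies it, so a password set for the previous host
    survives when this host's entry has none."""
    machines, default = netrc
    entry = machines.get(host, default)
    if entry is None:
        # No match and no default: netrc supplies nothing for this host,
        # which is why the advisory says a matching entry is required.
        creds.login = creds.password = None
        return creds
    if "login" in entry:
        creds.login = entry["login"]
    if "password" in entry:
        creds.password = entry["password"]
    return creds


def lookup_fixed(host: str, netrc: Netrc, creds: Creds) -> Creds:
    """Hardened lookup: clear both slots first, so whatever is sent to `host`
    can only come from the entry selected for `host` itself."""
    creds.login = creds.password = None
    return lookup_leaky(host, netrc, creds)


def follow_redirects(hosts: List[str], netrc: Netrc,
                     lookup: Callable[[str, Netrc, Creds], Creds]
                     ) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """Simulate `curl --netrc -L`: each host redirects to the next, and one
    Creds object is reused for every hop. Returns what each hop would send."""
    creds = Creds()
    sent = []
    for host in hosts:
        lookup(host, netrc, creds)
        sent.append((host, creds.login, creds.password))
    return sent


if __name__ == "__main__":
    netrc = parse_netrc(SAMPLE_NETRC)
    chain = ["a.com", "b.com"]  # a.com redirects to b.com
    for name, fn in (("leaky", lookup_leaky), ("fixed", lookup_fixed)):
        print(name)
        for host, login, password in follow_redirects(chain, netrc, fn):
            print(f"  {host}: login={login!r} password={password!r}")
```

Running it shows the second hop of the leaky flow sending `bob` with `alicespassword` to `b.com`, while the fixed flow sends `bob` with no password. The same model covers the other case the advisory names, a `default` entry that omits both login and password: the leaky lookup then forwards `alice` and `alicespassword` unchanged.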
This issue has been addressed in the following products:

- Red Hat Enterprise Linux 9, via RHSA-2025:1671: https://access.redhat.com/errata/RHSA-2025:1671
- Red Hat Enterprise Linux 8, via RHSA-2025:1673: https://access.redhat.com/errata/RHSA-2025:1673