Tool Description: An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
A high severity vulnerability has been discovered in your project.
Project Name: IssueTest
Scanner Name: trivy
Cwe ID: 287
Cwe Name: Improper Authentication
Cwe Link: https://cwe.mitre.org/data/definitions/287.html
CVE ID: CVE-2022-22576
Target: nginx:latest (debian 11.3)
Packages:
References:
Training(Secure Code Warrior):
Name: Improper Authentication
Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/auth/missingauth
Videos:
Tool Description: An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
Custom Description: test