A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
CWE-522
CVE-2022-27774
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
CVE-2022-27544
BigFix Web Reports authorized users may see SMTP credentials in clear text.
CVE-2022-27548
HCL Launch stores user credentials in plain clear text which can be read by a local user.
CVE-2022-27560
HCL VersionVault Express exposes administrator credentials.
CVE-2022-27179
A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised.