CVE-2018-20483

Published: 26/12/2018 Updated: 24/08/2020
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 187
CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

set_file_metadata in xattr.c in GNU Wget prior to 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to the 2016-07-22 entry in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.
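The exposure described above is local: any user who can read a downloaded file can also read its user.xdg.origin.url and user.xdg.referrer.url attributes, so the practical defender's task is to find files whose stored URL still carries userinfo (user:password before the host) and strip it. The script below is an added example written for this page, not code from GNU Wget or from the advisory; it assumes Linux, a filesystem with user.* extended attributes enabled, and Python 3's os.getxattr/os.setxattr. The attribute names come from the summary; everything else (function names, the --fix flag, the sample URLs) is constructed for the example.

```python
"""Find (and optionally scrub) credential-bearing URLs that older GNU Wget
stored in a downloaded file's extended attributes (CVE-2018-20483)."""
import os
import sys
from urllib.parse import urlsplit, urlunsplit

# Attribute names written by Wget before 1.20.1 (taken from the CVE summary).
WGET_XATTRS = ("user.xdg.origin.url", "user.xdg.referrer.url")


def url_has_credentials(url: str) -> bool:
    """True when the URL's authority part carries userinfo (user or user:password).

    Only userinfo is checked; a secret passed in the query string is not
    detected by this function and would need a separate rule."""
    parts = urlsplit(url)
    return bool(parts.username or parts.password)


def redact_url(url: str) -> str:
    """Return the URL with the userinfo removed; host, port, path and query are kept."""
    parts = urlsplit(url)
    if not (parts.username or parts.password):
        return url
    # Drop everything up to the last '@' of the authority; this keeps the host's
    # original case and any IPv6 brackets, unlike rebuilding from .hostname.
    netloc = parts.netloc.rsplit("@", 1)[-1]
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def find_leaked_urls(attrs: dict) -> dict:
    """From a {xattr_name: value} mapping, return the Wget attributes whose URL leaks credentials."""
    return {
        name: value
        for name, value in attrs.items()
        if name in WGET_XATTRS and url_has_credentials(value)
    }


def read_wget_xattrs(path: str) -> dict:
    """Read the two Wget attributes from a real file (Linux os.getxattr; assumed available)."""
    found = {}
    for name in WGET_XATTRS:
        try:
            found[name] = os.getxattr(path, name).decode("utf-8", "replace")
        except OSError:  # attribute absent, or xattrs unsupported on this filesystem
            pass
    return found


def scrub_file(path: str, dry_run: bool = True) -> dict:
    """Report leaking attributes on one file; rewrite them redacted unless dry_run."""
    leaks = find_leaked_urls(read_wget_xattrs(path))
    if not dry_run:
        for name, value in leaks.items():
            os.setxattr(path, name, redact_url(value).encode("utf-8"))
    return leaks


if __name__ == "__main__":
    # Usage (hypothetical CLI): python scrub_wget_xattrs.py [--fix] DIR [DIR ...]
    fix = "--fix" in sys.argv
    roots = [arg for arg in sys.argv[1:] if arg != "--fix"]
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for filename in files:
                path = os.path.join(dirpath, filename)
                for name, value in scrub_file(path, dry_run=not fix).items():
                    state = "credentials removed" if fix else "credentials present"
                    print(f"{path}: {name} = {redact_url(value)} ({state})")
```

Run it in dry-run mode first over download directories and home folders on shared hosts; the report prints only the redacted URL so the scan output itself does not re-leak the secret. Scrubbing the attribute cleans up files already on disk; new downloads stay clean only once Wget is upgraded to 1.20.1 or later, the version bound the summary gives.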

Vulnerable Product

gnu wget

Vendor Advisories

Debian Bug report logs - #917375 wget: CVE-2018-20483. Package: src:wget; Maintainer for src:wget is Noël Köthe <noel@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 26 Dec 2018 20:27:02 UTC; Severity: serious; Tags: security, upstream; Found in version wget/1.20-1; Fixed in version wget/1 ...
Several security issues were fixed in Wget ...
Synopsis: Moderate: curl security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sco ...
Synopsis: Moderate: OpenShift Container Platform 4.6.1 image security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
set_file_metadata in xattr.c in GNU Wget stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer in ...
libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length ...
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies ...

Recent Articles

Open-source devs: Wget off your bloated festive behinds and patch this user cred-blabbing bug
The Register • Richard Chirgwin • 02 Jan 2019

New year, new CVE

Happy New Year! Oh, and if you include GNU's wget utility in software you write, pull down the new version released on Boxing Day and push out updates to your users. The popular utility retrieves internet-hosted HTTP/HTTPS and FTP/FTPS content and some years ago began storing extended attributes on disk as URIs. On Christmas Day, security researcher Gynvael Coldwind (@gynvael) noted on Twitter that the stored attributes can include user credentials: Though only stored locally, user IDs and passw...