Published: 02/01/2019 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
aria2 project aria2 1.33.1
debian debian linux 8.0
debian debian linux 9.0
fedoraproject fedora 28
fedoraproject fedora 29
fedoraproject fedora 30
canonical ubuntu linux 18.10
canonical ubuntu linux 19.04

Debian Bug report logs - #918058 aria2: CVE-2019-3500: Metadata and potential password leaks via --log= Package: src:aria2; Maintainer for src:aria2 is Patrick Ruckstuhl <patrick@chtarioorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 2 Jan 2019 21:00:02 UTC Severity: normal Tags: fixed-upstr ...

aria2 stores authentication information in plain text ...

aria2 version 1331 suffers from a password disclosure vulnerability when logging URLs with secrets in them ...

CWE-532 https://github.com/aria2/aria2/issues/1329 https://lists.debian.org/debian-lts-announce/2019/01/msg00012.html https://usn.ubuntu.com/3965-1/https://lists.debian.org/debian-lts-announce/2021/12/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MUUYDELHRLVE2AFNVR3OJ6ILUKVLY4B/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/532M22TAOOIY3J4XX4R7BLZHXJRUSBQ2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5OLPTVYHJZJ2MVEXJCNPXBSFPVPE4XX/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918058 https://usn.ubuntu.com/3965-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-3500

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect