#VU16783 Information disclosure in wget


Published: 2019-01-02

Vulnerability identifier: #VU16783

Vulnerability risk: Low

CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20483

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
wget
Server applications / File servers (FTP/HTTP)

Vendor: GNU

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to set_file_metadata in xattr.c stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file. A local attacker can read this attribute, as demonstrated by getfattr and obtain credentials contained in the URL.

Mitigation
Update to version 1.20.1.

Vulnerable software versions

wget: 1.5.3 - 1.20

External links
http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS
http://twitter.com/marcan42/status/1077676739877232640

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Information disclosure in IBM Watson Discovery
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data update for GNU wget
Red Hat update for curl
Ubuntu update for Wget
Gentoo update for GNU Wget
Amazon Linux AMI update for curl
OpenSUSE Linux update for wget
Information disclosure in wget (Alpine package)
Information disclosure in GNU wget