Vulnerability Details : CVE-2018-20483
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.
Vulnerability category: Information leak
Products affected by CVE-2018-20483
- cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-20483
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-20483
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-20483
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-20483
-
http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS
NEWS - wget.git - GNU WgetRelease Notes;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:3701
RHSA-2019:3701 - Security Advisory - Red Hat Customer Portal
-
https://twitter.com/marcan42/status/1077676739877232640
Hector Martin on Twitter: "So yeah, um, this is not okay. It is not discoverable and could easily leak sensitive information. Auth credentials even, seriously? Also Chrome does this too. And it is preExploit;Third Party Advisory
-
http://www.securityfocus.com/bid/106358
GNU wget CVE-2018-20483 Local Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
https://security.gentoo.org/glsa/201903-08
GNU Wget: Password and metadata leak (GLSA 201903-08) — Gentoo securityThird Party Advisory
-
https://usn.ubuntu.com/3943-1/
USN-3943-1: Wget vulnerabilities | Ubuntu security notices
-
https://security.netapp.com/advisory/ntap-20190321-0002/
CVE-2018-20483 GNU Wget Vulnerability in NetApp Products | NetApp Product Security
Jump to