CVE-2019-3500

Опубликовано: 02 янв. 2019

Источник: debian

Описание

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
aria2	fixed	1.34.0-4		package

Примечания

https://github.com/aria2/aria2/issues/1329
Masking of all authorization and cookie header fields (but not userinfo in URL):
https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a

Связанные уязвимости

CVE-2019-3500

CVSS3: 7.8

ubuntu

около 7 лет назад

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

CVE-2019-3500

CVSS3: 7.8

nvd

около 7 лет назад

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

openSUSE-SU-2021:1125-1

suse-cvrf

больше 4 лет назад

Security update for aria2

openSUSE-SU-2019:0050-1

suse-cvrf

почти 7 лет назад

Security update for aria2

GHSA-g768-79g3-c28j

CVSS3: 7.8

github

больше 3 лет назад

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.