Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GNU Wget 信息泄露漏洞
Vulnerability Description
GNU Wget是GNU计划开发的一套用于在网络上进行下载的自由软件,它支持通过HTTP、HTTPS以及FTP这三个最常见的TCP/IP协议下载。 GNU Wget 1.20.1之前版本中的xattr.c文件的‘set_file_metadata’函数存在安全漏洞,该漏洞源于程序将文件的原始URL存储在user.xdg.origin.url元数据属性中。本地攻击者可通过读取该属性利用该漏洞获取敏感信息(包括:URL中所包含的凭证)。
CVSS Information
N/A
Vulnerability Type
N/A