CVE-2018-20483 - OpenCVE

set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Gnu	Wget

Configuration 1 [-]

cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS	Release Notes Third Party Advisory
http://www.securityfocus.com/bid/106358	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:3701
https://security.gentoo.org/glsa/201903-08	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190321-0002/
https://twitter.com/marcan42/status/1077676739877232640	Exploit Third Party Advisory
https://usn.ubuntu.com/3943-1/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-26T18:00:00

Updated: 2019-11-06T00:08:01

Reserved: 2018-12-26T00:00:00

Link: CVE-2018-20483

JSON object: View

NVD Information

Status : Modified

Published: 2018-12-26T18:29:00.480

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-20483

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-12-26T00:00:00", "descriptions": [{"lang": "en", "value": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-06T00:08:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201903-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201903-08"}, {"name": "106358", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106358"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/marcan42/status/1077676739877232640"}, {"tags": ["x_refsource_MISC"], "url": "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190321-0002/"}, {"name": "USN-3943-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3943-1/"}, {"name": "RHSA-2019:3701", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3701"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20483", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201903-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-08"}, {"name": "106358", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106358"}, {"name": "https://twitter.com/marcan42/status/1077676739877232640", "refsource": "MISC", "url": "https://twitter.com/marcan42/status/1077676739877232640"}, {"name": "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", "refsource": "MISC", "url": "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS"}, {"name": "https://security.netapp.com/advisory/ntap-20190321-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190321-0002/"}, {"name": "USN-3943-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3943-1/"}, {"name": "RHSA-2019:3701", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3701"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20483", "datePublished": "2018-12-26T18:00:00", "dateReserved": "2018-12-26T00:00:00", "dateUpdated": "2019-11-06T00:08:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*", "matchCriteriaId": "84434C8C-F6C0-4FBC-B469-9E45D98FFE75", "versionEndExcluding": "1.20.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl."}, {"lang": "es", "value": "set_file_metadata en xattr.c en GNU Wget, en versiones anteriores a la 1.20.1, almacena la URL de origen de un archivo en el atributo de metadatos user.xdg.origin.url de los atributos extendidos del archivo descargado. Esto permite que usuarios locales obtengan informaci\u00f3n sensible (como credenciales contenidas en la URL) al leer este atributo, tal y como queda demostrado con getfattr. Esto tambi\u00e9n aplica a la informaci\u00f3n de Referer en el atributo de metadatos user.xdg.referrer.url. Seg\u00fan la entrada del 22/07/2016 en el ChangeLog de Wget, user.xdg.origin.url estaba parcialmente basado en el comportamiento de fwrite_xattr en tool_xattr.c en curl."}], "id": "CVE-2018-20483", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-26T18:29:00.480", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106358"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:3701"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-08"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20190321-0002/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://twitter.com/marcan42/status/1077676739877232640"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3943-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}