Bug ID 1120488
Summary VUL-1: CVE-2019-3500: aria2: metadata and potential password leaks via --log=
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.0
Hardware Other
URL https://smash.suse.de/issue/221964/
OS Other
Status NEW
Severity Minor
Priority P5 - None
Component Basesystem
Assignee mpluskal@suse.com
Reporter abergmann@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker ---

CVE-2019-3500

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic
Authentication username and password in a file, which might allow local users
to obtain sensitive information by reading this file.

References:
https://github.com/aria2/aria2/issues/1329
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3500


You are receiving this mail because: