Local Information Disclosure in GNU Wget Affected By Metadata Leakage
CVE-2018-20483
7.8HIGH
What is CVE-2018-20483?
A flaw in GNU Wget allows local users to access sensitive information through the metadata attributes of downloaded files. Specifically, the 'user.xdg.origin.url' and 'user.xdg.referrer.url' attributes store sensitive data, including URL information that may contain credentials. Attackers can exploit this vulnerability by utilizing tools such as 'getfattr' to read this metadata, potentially leading to unauthorized access to confidential information.