Local File Exposure Vulnerability in Aria2
CVE-2019-3500

7.8HIGH

Key Information:

Vendor

Aria2 Project

Status
Aria2
Vendor
CVE Published:
2 January 2019

What is CVE-2019-3500?

In aria2 version 1.33.1, when the logging feature is enabled with the --log option, sensitive information, such as HTTP Basic Authentication credentials, can be inadvertently stored in log files. This exposure may allow local users to read and acquire these credentials, thereby compromising user privacy and security.

References

https://github.com/aria2/aria2/issues/1329
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019/01/msg0...
mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.