Description
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
References (7)
Core 7
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/aria2/aria2/issues/1329
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/01/msg00012.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MUUYDELHRLVE2AFNVR3OJ6ILUKVLY4B/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/532M22TAOOIY3J4XX4R7BLZHXJRUSBQ2/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5OLPTVYHJZJ2MVEXJCNPXBSFPVPE4XX/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3965-1/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/12/msg00039.html
Scores
CVSS v3
7.8
EPSS
0.0011
EPSS Percentile
29.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-532
Status
published
Products (8)
aria2_project/aria2
1.33.1
canonical/ubuntu_linux
18.10
canonical/ubuntu_linux
19.04
debian/debian_linux
8.0
debian/debian_linux
9.0
fedoraproject/fedora
28
fedoraproject/fedora
29
fedoraproject/fedora
30
Published
Jan 02, 2019
Tracked Since
Feb 18, 2026