CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-3500 – aria2 1.33.1 Password Disclosure
https://notcve.org/view.php?id=CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. aria2c en la versión 1.33.1 de aria2, cuando se utiliza --log, puede almacenar un nombre de usuario y contraseña de HTTP Basic Authentication en un archivo, lo que podría permitir a usuarios locales obtener información sensible al leer dicho archivo. aria2 version 1.33.1 suffers from a password disclosure vulnerability when logging URLs with secrets in them. • https://github.com/aria2/aria2/issues/1329 https://lists.debian.org/debian-lts-announce/2019/01/msg00012.html https://lists.debian.org/debian-lts-announce/2021/12/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/532M22TAOOIY3J4XX4R7BLZHXJRUSBQ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MUUYDELHRLVE2AFNVR3OJ6ILUKVLY4B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5OLPTVYHJZ • CWE-532: Insertion of Sensitive Information into Log File •