MidnightBSD

Advisories for aria2_project

CVE-2019-3500 LOW

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.10
fedoraproject fedora 30
debian debian_linux 9.0
fedoraproject fedora 29
fedoraproject fedora 28
aria2_project aria2 1.33.1