GNU Wget set_file_metadata Information Disclosure Vulnerability



A vulnerability in GNU Wget could allow a local attacker to access sensitive information on a targeted system.

The vulnerability exists in the set_file_metadata function, defined in the xattr.c source code file of the affected software, and is due to improper handling of origin URLs. A local attacker could exploit this vulnerability by reading the user.xdg.origin.url metadata attribute on the targeted system. A successful exploit could allow the attacker to access sensitive information, which could be used to conduct further attacks.

Proof-of-concept (PoC) code that exploits this vulnerability is publicly available.

The vendor has confirmed the vulnerability and released software updates.
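Updating the software does not clear attributes already written to downloaded files. The following audit script is an added example, not code from the advisory or from the Wget project: it walks a directory tree on Linux, reads the user.xdg.origin.url attribute, and reports a redacted copy of each stored URL that carries sensitive parts. Treating embedded userinfo and query strings as sensitive is an assumption of this example, and the function names and sample URLs are constructed.

```python
import os
import sys
from urllib.parse import urlsplit

# Attribute named in the advisory.
ORIGIN_ATTR = "user.xdg.origin.url"

def assess_origin_url(raw: bytes):
    """Return (redacted_url, findings) for one stored attribute value."""
    url = raw.decode("utf-8", errors="replace").strip("\x00 \r\n")
    try:
        parts = urlsplit(url)
    except ValueError:
        return "<unparseable>", ["unparseable URL"]
    findings = []
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if at:  # anything before '@' is user[:password]
        findings.append("credentials in userinfo")
        parts = parts._replace(netloc="REDACTED@" + hostport)
    if parts.query:  # assumption: query strings may carry tokens
        findings.append("query string")
        parts = parts._replace(query="REDACTED")
    return parts.geturl(), findings

def scan_tree(root):
    """List (path, redacted_url, findings) for files under root."""
    if not hasattr(os, "listxattr"):  # xattr calls are Linux-only in Python
        return []
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if ORIGIN_ATTR not in os.listxattr(path, follow_symlinks=False):
                    continue
                raw = os.getxattr(path, ORIGIN_ATTR, follow_symlinks=False)
            except OSError:  # no xattr support, permission denied, file gone
                continue
            redacted, findings = assess_origin_url(raw)
            if findings:
                hits.append((path, redacted, findings))
    return hits

if __name__ == "__main__":
    for path, redacted, findings in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {redacted} [{', '.join(findings)}]")
```

A flagged attribute can be cleared with `os.removexattr(path, ORIGIN_ATTR)` once the file's provenance is recorded elsewhere if needed.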

Security Impact Rating: Medium

CVE: CVE-2018-20483

Source: Cisco Multivendor Vulnerability Alerts