A vulnerability in GNU Wget could allow a local attacker to access sensitive information on a targeted system.
The vulnerability exists in the set_file_metadata function, as defined in the xattr.c source code file of the affected software, and is due to the improper handling of origin URLs. A local attacker could exploit this vulnerability by reading the user.xdg.orgin.url metadata attribute on the targeted system. A successful exploit could allow the attacker to access sensitive information, which could be used to conduct further attacks.
Proof-of-concept (PoC) code that exploits this vulnerability is publicly available.
The vendor has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium