CVE-2021-31879 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confidentiality.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1892 | wget | 1.21.3-1 | | Medium | Vulnerable | |
References
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
Notes
Related to CVE-2018-1000007.

Mitigation
Use `--max-redirect 0` when the request contains an Authorization header to prevent wget from following the redirect.
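One way to apply this mitigation consistently is a wrapper that adds the option whenever the command line carries credentials. This is an added example, not part of the advisory or of wget; the function names `wget_sends_credentials` and `safe_wget` are hypothetical, and credentials supplied through `.wgetrc`, `.netrc` or abbreviated long options are not detected.

```shell
#!/bin/sh
# Added example (not from the advisory): detect wget invocations that carry
# HTTP credentials and disable redirect following for them.

# Returns 0 when any argument supplies HTTP credentials, 1 otherwise.
wget_sends_credentials() {
    prev=""
    for arg in "$@"; do
        # Header names are case-insensitive, so compare in lower case.
        lower=$(printf '%s' "$arg" | tr '[:upper:]' '[:lower:]')
        # Two-word form: --header 'Authorization: ...'
        if [ "$prev" = "--header" ]; then
            case "$lower" in authorization:*) return 0 ;; esac
        fi
        case "$lower" in
            --header=authorization:*) return 0 ;;
            --user|--user=*|--password|--password=*) return 0 ;;
            --http-user|--http-user=*|--http-password|--http-password=*) return 0 ;;
            --ask-password) return 0 ;;
            http://*|https://*)
                # Userinfo lives in the authority part only; an '@' in the
                # path or query string is not a credential.
                authority=${arg#*://}
                authority=${authority%%[/?#]*}
                case "$authority" in *@*) return 0 ;; esac
                ;;
        esac
        prev=$lower
    done
    return 1
}

# Runs wget, appending --max-redirect=0 when credentials are present.
# The option is appended last so it overrides any earlier --max-redirect.
safe_wget() {
    if wget_sends_credentials "$@"; then
        set -- "$@" --max-redirect=0
    fi
    command wget "$@"
}
```

With redirects disabled, wget reports the 3xx response instead of following it, so the caller can inspect the `Location` target before deciding whether to resend the credentials.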