CVE-2021-31879 - log

CVE-2021-31879 edited at 04 Apr 2022 22:38:03
Description
- GNU Wget does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
+ A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confidentiality.
Notes
+ related issue to CVE-2018-1000007
+
+ Mitigation
+ Use `--max-redirect 0` when the request contains Authorization header to prevent wget to redirect the request.
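Review bot: the Mitigation line added under Notes does not state the side effect of `--max-redirect 0`: it stops wget from following any redirect, same-origin ones included, so a download that legitimately depends on a redirect will fail at the 3xx response. Suggest saying so in the note, and rewording "to prevent wget to redirect the request" as "to prevent wget from following the redirect". The new Description also says "as part of a query" where it means a request, and "password leak" where the value forwarded is whatever the Authorization header carries; tightening both would keep the text consistent with the one-line description it replaces.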
CVE-2021-31879 edited at 09 Sep 2021 09:37:49
References
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
+ https://savannah.gnu.org/bugs/?56909
CVE-2021-31879 edited at 09 Sep 2021 09:36:37
Description
- GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
+ GNU Wget does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
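Review bot: the replacement Description drops "through 1.21.1", which leaves the entry with no affected version range at all. If the bound was removed because it no longer reflects the affected releases, record that reason in Notes so readers do not assume the range was narrowed or that a fixed release exists.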
CVE-2021-31879 edited at 29 Apr 2021 12:53:45
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
References
+ https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
Notes
CVE-2021-31879 created at 29 Apr 2021 12:52:58