User's IP address is exposed to the FTP server when automatically falling back from passive mode to active mode using PORT command. Wget is using normally passive mode, but this situation occurs when server rejects the PASV command. The real IP address is exposed even if client uses proxy server. Affected versions are <= 1.16.3.
Created wget tracking bugs for this issue:
Affects: fedora-all [bug 1260925]
CVE-2015-7665 was assigned to this vulnerability for Tails. This vulnerability in upstream wget distribution is not considered as vulnerability, thus there's no CVE assigned for upstream wget.