Bug 1663991 (CVE-2019-3500) - CVE-2019-3500 aria2: Password leak for HTTP based authentication
Summary: CVE-2019-3500 aria2: Password leak for HTTP based authentication
Status: NEW
Alias: CVE-2019-3500
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: impact=moderate,public=20190101,repor...
Keywords: Security
Depends On: 1663992 1663993
TreeView+ depends on / blocked
Reported: 2019-01-07 13:37 UTC by Andrej Nemec
Modified: 2019-01-07 13:38 UTC (History)
1 user (show)

Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Andrej Nemec 2019-01-07 13:37:46 UTC
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

Upstream issue:


Upstream patch:




Comment 1 Andrej Nemec 2019-01-07 13:38:07 UTC
Created aria2 tracking bugs for this issue:

Affects: epel-7 [bug 1663993]
Affects: fedora-all [bug 1663992]

Note You need to log in before you can comment on or make changes to this bug.