cve-2021-31879
Vulnerability from cvelistv5
Source | URL | Tags
---|---|---
cve@mitre.org | https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html | Mailing List, Vendor Advisory
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210618-0002/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html | Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210618-0002/ | Third Party Advisory
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:30.199Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210618-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-18T09:06:25", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210618-0002/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-31879", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", refsource: "MISC", url: 
"https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { name: "https://security.netapp.com/advisory/ntap-20210618-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210618-0002/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-31879", datePublished: "2021-04-29T03:03:15", dateReserved: "2021-04-29T00:00:00", dateUpdated: "2024-08-03T23:10:30.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2021-31879\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-04-29T05:15:08.707\",\"lastModified\":\"2024-11-21T06:06:25.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.\"},{\"lang\":\"es\",\"value\":\"GNU Wget versiones hasta 1.21.1, no omite el encabezado Authorization tras un redireccionamiento a un origen diferente, un problema relacionado con 
CVE-2018-1000007\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.21.1\",\"matchCriteriaId\":\"2FB17F65-078F-4E8C-893D-3CF3FD8B2A5C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2748912-FC54-47F6-8C0C-B96784765B8E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe
:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7CF3019-975D-40BB-A8A4-894E62BD3797\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1236B66D-EB11-4324-929F-E2B86683C3C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"281DFC67-46BB-4FC2-BE03-3C65C9311F65\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECF32BB1-9A58-4821-AE49-5D5C8200631F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F21DE67F-CDFD-4D36-9967-633CD0240C6F\"}]}]}],\"references\":[{\"url\":\"https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210618-0002/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210618-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", }, }
var-202104-1514
Vulnerability from variot
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. GNU Wget is a free software package developed by the GNU Project for downloading files over the Internet. It supports downloading through the three most common TCP/IP protocols: HTTP, HTTPS and FTP. There is a security vulnerability in GNU Wget 1.21.1 and earlier versions. The vulnerability is caused by the Authorization header not being omitted when redirecting to a different origin.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202104-1514", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "ontap select deploy administration utility", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "a250", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "cloud backup", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "wget", 
scope: "lte", trust: 1, vendor: "gnu", version: "1.21.1", }, { model: "brocade fabric operating system", scope: "eq", trust: 1, vendor: "broadcom", version: null, }, { model: "500f", scope: "eq", trust: 1, vendor: "netapp", version: null, }, ], sources: [ { db: "NVD", id: "CVE-2021-31879", }, ], }, cve: "CVE-2021-31879", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CVE-2021-31879", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "VHN-391716", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2021-31879", impactScore: 2.7, integrityImpact: 
"LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-31879", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202104-2167", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-391716", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-31879", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-391716", }, { db: "VULMON", id: "CVE-2021-31879", }, { db: "CNNVD", id: "CNNVD-202104-2167", }, { db: "NVD", id: "CVE-2021-31879", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. GNU Wget is a set of free software developed by the GNU Project (Gnu Project Development) for downloading on the Internet. It supports downloading through the three most common TCP/IP protocols: HTTP, HTTPS and FTP. There is a security vulnerability in GNU Wget 1.21.1 and earlier versions. 
The vulnerability is caused by not ignoring Authorization when redirecting to a different source", sources: [ { db: "NVD", id: "CVE-2021-31879", }, { db: "VULHUB", id: "VHN-391716", }, { db: "VULMON", id: "CVE-2021-31879", }, ], trust: 1.08, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-31879", trust: 1.8, }, { db: "CNNVD", id: "CNNVD-202104-2167", trust: 0.6, }, { db: "VULHUB", id: "VHN-391716", trust: 0.1, }, { db: "VULMON", id: "CVE-2021-31879", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-391716", }, { db: "VULMON", id: "CVE-2021-31879", }, { db: "CNNVD", id: "CNNVD-202104-2167", }, { db: "NVD", id: "CVE-2021-31879", }, ], }, id: "VAR-202104-1514", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-391716", }, ], trust: 0.01, }, last_update_date: "2024-11-23T22:05:08.872000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "GNU Wget Enter the fix for the verification error vulnerability", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149520", }, { title: "Debian CVElist Bug Report Logs: CVE-2021-31879", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ba1029a7c2538da0d8a896c8ad6f31c8", }, { title: "Arch Linux Issues: ", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-31879 log", }, { title: "Amazon Linux 2022: ALAS2022-2022-134", trust: 0.1, url: 
"https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-134", }, { title: "KCC", trust: 0.1, url: "https://github.com/dgardella/KCC ", }, { title: "log4jnotes", trust: 0.1, url: "https://github.com/kenlavbah/log4jnotes ", }, { title: "devops-demo", trust: 0.1, url: "https://github.com/epequeno/devops-demo ", }, ], sources: [ { db: "VULMON", id: "CVE-2021-31879", }, { db: "CNNVD", id: "CNNVD-202104-2167", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-601", trust: 1.1, }, ], sources: [ { db: "VULHUB", id: "VHN-391716", }, { db: "NVD", id: "CVE-2021-31879", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { trust: 1.2, url: "https://security.netapp.com/advisory/ntap-20210618-0002/", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2021-31879", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/601.html", }, { trust: 0.1, url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988209", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://alas.aws.amazon.com/al2022/alas-2022-134.html", }, ], sources: [ { db: "VULHUB", id: "VHN-391716", }, { db: "VULMON", id: "CVE-2021-31879", }, { db: "CNNVD", id: "CNNVD-202104-2167", }, { db: "NVD", id: "CVE-2021-31879", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-391716", }, { db: "VULMON", id: "CVE-2021-31879", }, { db: "CNNVD", id: "CNNVD-202104-2167", }, { db: "NVD", id: "CVE-2021-31879", }, 
], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-04-29T00:00:00", db: "VULHUB", id: "VHN-391716", }, { date: "2021-04-29T00:00:00", db: "VULMON", id: "CVE-2021-31879", }, { date: "2021-04-29T00:00:00", db: "CNNVD", id: "CNNVD-202104-2167", }, { date: "2021-04-29T05:15:08.707000", db: "NVD", id: "CVE-2021-31879", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-05-13T00:00:00", db: "VULHUB", id: "VHN-391716", }, { date: "2022-05-13T00:00:00", db: "VULMON", id: "CVE-2021-31879", }, { date: "2021-05-07T00:00:00", db: "CNNVD", id: "CNNVD-202104-2167", }, { date: "2024-11-21T06:06:25.020000", db: "NVD", id: "CVE-2021-31879", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202104-2167", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "GNU Wget Input validation error vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202104-2167", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-202104-2167", }, ], trust: 0.6, }, }
suse-su-2025:0425-1
Vulnerability from csaf_suse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for wget", title: "Title of the patch", }, { category: "description", text: "This update for wget fixes the following issues:\n\n- CVE-2021-31879: Authorization header disclosed upon redirects to different origins. (bsc#1185551)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2025-425,SUSE-SLE-Module-Basesystem-15-SP6-2025-425,openSUSE-SLE-15.6-2025-425", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0425-1.json", }, { category: "self", summary: "URL for SUSE-SU-2025:0425-1", url: "https://www.suse.com/support/update/announcement/2025/suse-su-20250425-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2025:0425-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020304.html", }, { category: "self", summary: "SUSE Bug 1185551", url: "https://bugzilla.suse.com/1185551", }, { category: "self", summary: "SUSE Bug 1230795", url: "https://bugzilla.suse.com/1230795", }, { category: "self", summary: "SUSE CVE CVE-2021-31879 page", url: 
"https://www.suse.com/security/cve/CVE-2021-31879/", }, ], title: "Security update for wget", tracking: { current_release_date: "2025-02-11T10:33:15Z", generator: { date: "2025-02-11T10:33:15Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2025:0425-1", initial_release_date: "2025-02-11T10:33:15Z", revision_history: [ { date: "2025-02-11T10:33:15Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "wget-1.20.3-150600.19.12.1.aarch64", product: { name: "wget-1.20.3-150600.19.12.1.aarch64", product_id: "wget-1.20.3-150600.19.12.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "wget-1.20.3-150600.19.12.1.i586", product: { name: "wget-1.20.3-150600.19.12.1.i586", product_id: "wget-1.20.3-150600.19.12.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "wget-lang-1.20.3-150600.19.12.1.noarch", product: { name: "wget-lang-1.20.3-150600.19.12.1.noarch", product_id: "wget-lang-1.20.3-150600.19.12.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "wget-1.20.3-150600.19.12.1.ppc64le", product: { name: "wget-1.20.3-150600.19.12.1.ppc64le", product_id: "wget-1.20.3-150600.19.12.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "wget-1.20.3-150600.19.12.1.s390x", product: { name: "wget-1.20.3-150600.19.12.1.s390x", product_id: "wget-1.20.3-150600.19.12.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "wget-1.20.3-150600.19.12.1.x86_64", product: { name: "wget-1.20.3-150600.19.12.1.x86_64", product_id: "wget-1.20.3-150600.19.12.1.x86_64", }, }, ], category: "architecture", name: 
"x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP6", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp6", }, }, }, { category: "product_name", name: "openSUSE Leap 15.6", product: { name: "openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.6", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "wget-1.20.3-150600.19.12.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.aarch64", }, product_reference: "wget-1.20.3-150600.19.12.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: "wget-1.20.3-150600.19.12.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.ppc64le", }, product_reference: "wget-1.20.3-150600.19.12.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: "wget-1.20.3-150600.19.12.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.s390x", }, product_reference: "wget-1.20.3-150600.19.12.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: 
"wget-1.20.3-150600.19.12.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.x86_64", }, product_reference: "wget-1.20.3-150600.19.12.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: "wget-1.20.3-150600.19.12.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.aarch64", }, product_reference: "wget-1.20.3-150600.19.12.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "wget-1.20.3-150600.19.12.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.ppc64le", }, product_reference: "wget-1.20.3-150600.19.12.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "wget-1.20.3-150600.19.12.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.s390x", }, product_reference: "wget-1.20.3-150600.19.12.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "wget-1.20.3-150600.19.12.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.x86_64", }, product_reference: "wget-1.20.3-150600.19.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "wget-lang-1.20.3-150600.19.12.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:wget-lang-1.20.3-150600.19.12.1.noarch", }, product_reference: "wget-lang-1.20.3-150600.19.12.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, ], }, vulnerabilities: [ { cve: 
"CVE-2021-31879", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-31879", }, ], notes: [ { category: "general", text: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.x86_64", "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.aarch64", "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.ppc64le", "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.s390x", "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.x86_64", "openSUSE Leap 15.6:wget-lang-1.20.3-150600.19.12.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-31879", url: "https://www.suse.com/security/cve/CVE-2021-31879", }, { category: "external", summary: "SUSE Bug 1185551 for CVE-2021-31879", url: "https://bugzilla.suse.com/1185551", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.x86_64", "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.aarch64", "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.ppc64le", "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.s390x", "openSUSE Leap 
15.6:wget-1.20.3-150600.19.12.1.x86_64", "openSUSE Leap 15.6:wget-lang-1.20.3-150600.19.12.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:wget-1.20.3-150600.19.12.1.x86_64", "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.aarch64", "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.ppc64le", "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.s390x", "openSUSE Leap 15.6:wget-1.20.3-150600.19.12.1.x86_64", "openSUSE Leap 15.6:wget-lang-1.20.3-150600.19.12.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-11T10:33:15Z", details: "moderate", }, ], title: "CVE-2021-31879", }, ], }
suse-su-2025:0366-1
Vulnerability from csaf_suse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for wget", title: "Title of the patch", }, { category: "description", text: "This update for wget fixes the following issues:\n\n- CVE-2021-31879: Authorization header disclosed upon redirects to different origins. (bsc#1185551)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2025-366,SUSE-SLE-Micro-5.5-2025-366", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0366-1.json", }, { category: "self", summary: "URL for SUSE-SU-2025:0366-1", url: "https://www.suse.com/support/update/announcement/2025/suse-su-20250366-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2025:0366-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020279.html", }, { category: "self", summary: "SUSE Bug 1185551", url: "https://bugzilla.suse.com/1185551", }, { category: "self", summary: "SUSE Bug 1230795", url: "https://bugzilla.suse.com/1230795", }, { category: "self", summary: "SUSE CVE CVE-2021-31879 page", url: "https://www.suse.com/security/cve/CVE-2021-31879/", }, ], title: "Security update for 
wget", tracking: { current_release_date: "2025-02-05T10:57:46Z", generator: { date: "2025-02-05T10:57:46Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2025:0366-1", initial_release_date: "2025-02-05T10:57:46Z", revision_history: [ { date: "2025-02-05T10:57:46Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "wget-1.20.3-150000.3.29.1.aarch64", product: { name: "wget-1.20.3-150000.3.29.1.aarch64", product_id: "wget-1.20.3-150000.3.29.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "wget-1.20.3-150000.3.29.1.i586", product: { name: "wget-1.20.3-150000.3.29.1.i586", product_id: "wget-1.20.3-150000.3.29.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "wget-lang-1.20.3-150000.3.29.1.noarch", product: { name: "wget-lang-1.20.3-150000.3.29.1.noarch", product_id: "wget-lang-1.20.3-150000.3.29.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "wget-1.20.3-150000.3.29.1.ppc64le", product: { name: "wget-1.20.3-150000.3.29.1.ppc64le", product_id: "wget-1.20.3-150000.3.29.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "wget-1.20.3-150000.3.29.1.s390x", product: { name: "wget-1.20.3-150000.3.29.1.s390x", product_id: "wget-1.20.3-150000.3.29.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "wget-1.20.3-150000.3.29.1.x86_64", product: { name: "wget-1.20.3-150000.3.29.1.x86_64", product_id: "wget-1.20.3-150000.3.29.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Micro 5.5", product: { name: 
"SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5", product_identification_helper: { cpe: "cpe:/o:suse:sle-micro:5.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "wget-1.20.3-150000.3.29.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.aarch64", }, product_reference: "wget-1.20.3-150000.3.29.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.5", }, { category: "default_component_of", full_product_name: { name: "wget-1.20.3-150000.3.29.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.ppc64le", }, product_reference: "wget-1.20.3-150000.3.29.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.5", }, { category: "default_component_of", full_product_name: { name: "wget-1.20.3-150000.3.29.1.s390x as component of SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.s390x", }, product_reference: "wget-1.20.3-150000.3.29.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.5", }, { category: "default_component_of", full_product_name: { name: "wget-1.20.3-150000.3.29.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5", product_id: "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.x86_64", }, product_reference: "wget-1.20.3-150000.3.29.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.5", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31879", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-31879", }, ], notes: [ { category: "general", text: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a 
related issue to CVE-2018-1000007.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.aarch64", "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.s390x", "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-31879", url: "https://www.suse.com/security/cve/CVE-2021-31879", }, { category: "external", summary: "SUSE Bug 1185551 for CVE-2021-31879", url: "https://bugzilla.suse.com/1185551", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.aarch64", "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.s390x", "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.aarch64", "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.ppc64le", "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.s390x", "SUSE Linux Enterprise Micro 5.5:wget-1.20.3-150000.3.29.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-05T10:57:46Z", details: "moderate", }, ], title: "CVE-2021-31879", }, ], }
suse-su-2025:0380-1
Vulnerability from csaf_suse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for wget", title: "Title of the patch", }, { category: "description", text: "This update for wget fixes the following issues:\n\n- CVE-2021-31879: Authorization header disclosed upon redirects to different origins. (bsc#1185551) \n", title: "Description of the patch", }, { category: "details", text: "SUSE-2025-380,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-380", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0380-1.json", }, { category: "self", summary: "URL for SUSE-SU-2025:0380-1", url: "https://www.suse.com/support/update/announcement/2025/suse-su-20250380-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2025:0380-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020272.html", }, { category: "self", summary: "SUSE Bug 1185551", url: "https://bugzilla.suse.com/1185551", }, { category: "self", summary: "SUSE Bug 1230795", url: "https://bugzilla.suse.com/1230795", }, { category: "self", summary: "SUSE CVE CVE-2021-31879 page", url: "https://www.suse.com/security/cve/CVE-2021-31879/", }, ], 
title: "Security update for wget", tracking: { current_release_date: "2025-02-06T14:44:25Z", generator: { date: "2025-02-06T14:44:25Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2025:0380-1", initial_release_date: "2025-02-06T14:44:25Z", revision_history: [ { date: "2025-02-06T14:44:25Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "wget-1.14-21.22.1.aarch64", product: { name: "wget-1.14-21.22.1.aarch64", product_id: "wget-1.14-21.22.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "wget-1.14-21.22.1.i586", product: { name: "wget-1.14-21.22.1.i586", product_id: "wget-1.14-21.22.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "wget-1.14-21.22.1.ppc64le", product: { name: "wget-1.14-21.22.1.ppc64le", product_id: "wget-1.14-21.22.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "wget-1.14-21.22.1.s390", product: { name: "wget-1.14-21.22.1.s390", product_id: "wget-1.14-21.22.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "wget-1.14-21.22.1.s390x", product: { name: "wget-1.14-21.22.1.s390x", product_id: "wget-1.14-21.22.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "wget-1.14-21.22.1.x86_64", product: { name: "wget-1.14-21.22.1.x86_64", product_id: "wget-1.14-21.22.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", product: { name: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", product_id: "SUSE Linux Enterprise Server LTSS 
Extended Security 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss-extended-security:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "wget-1.14-21.22.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", product_id: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:wget-1.14-21.22.1.x86_64", }, product_reference: "wget-1.14-21.22.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31879", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-31879", }, ], notes: [ { category: "general", text: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:wget-1.14-21.22.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-31879", url: "https://www.suse.com/security/cve/CVE-2021-31879", }, { category: "external", summary: "SUSE Bug 1185551 for CVE-2021-31879", url: "https://bugzilla.suse.com/1185551", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:wget-1.14-21.22.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:wget-1.14-21.22.1.x86_64", ], }, ], threats: [ { category: "impact", date: 
"2025-02-06T14:44:25Z", details: "moderate", }, ], title: "CVE-2021-31879", }, ], }
gsd-2021-31879
Vulnerability from gsd
{ GSD: { alias: "CVE-2021-31879", description: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.", id: "GSD-2021-31879", references: [ "https://www.suse.com/security/cve/CVE-2021-31879.html", "https://security.archlinux.org/CVE-2021-31879", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-31879", ], details: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.", id: "GSD-2021-31879", modified: "2023-12-13T01:23:13.268312Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-31879", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", refsource: "MISC", url: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { name: "https://security.netapp.com/advisory/ntap-20210618-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210618-0002/", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.21.1", vulnerable: true, 
}, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-31879", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-601", }, ], }, ], }, references: { reference_data: [ { name: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", refsource: "MISC", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { name: "https://security.netapp.com/advisory/ntap-20210618-0002/", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: 
"https://security.netapp.com/advisory/ntap-20210618-0002/", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: true, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, }, }, lastModifiedDate: "2022-05-13T20:52Z", publishedDate: "2021-04-29T05:15Z", }, }, }
fkie_cve-2021-31879
Vulnerability from fkie_nvd
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html | Mailing List, Vendor Advisory |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210618-0002/ | Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html | Mailing List, Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210618-0002/ | Third Party Advisory |
Vendor | Product | Version |
---|---|---|
gnu | wget | * |
broadcom | brocade_fabric_operating_system_firmware | - |
netapp | cloud_backup | - |
netapp | ontap_select_deploy_administration_utility | - |
netapp | a250_firmware | - |
netapp | a250 | - |
netapp | 500f_firmware | - |
netapp | 500f | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*", matchCriteriaId: "2FB17F65-078F-4E8C-893D-3CF3FD8B2A5C", versionEndIncluding: "1.21.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1236B66D-EB11-4324-929F-E2B86683C3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*", matchCriteriaId: "281DFC67-46BB-4FC2-BE03-3C65C9311F65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ECF32BB1-9A58-4821-AE49-5D5C8200631F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*", matchCriteriaId: "F21DE67F-CDFD-4D36-9967-633CD0240C6F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.", }, { lang: "es", value: "GNU Wget versiones hasta 1.21.1, no omite el encabezado Authorization tras un redireccionamiento a un 
origen diferente, un problema relacionado con CVE-2018-1000007", }, ], id: "CVE-2021-31879", lastModified: "2024-11-21T06:06:25.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-29T05:15:08.707", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210618-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210618-0002/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-78qj-768g-464g
Vulnerability from github
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
{ affected: [], aliases: [ "CVE-2021-31879", ], database_specific: { cwe_ids: [ "CWE-601", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2021-04-29T05:15:00Z", severity: "MODERATE", }, details: "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.", id: "GHSA-78qj-768g-464g", modified: "2024-04-04T03:06:46Z", published: "2022-05-24T17:49:13Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-31879", }, { type: "WEB", url: "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html", }, { type: "WEB", url: "https://security.netapp.com/advisory/ntap-20210618-0002", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", type: "CVSS_V3", }, ], }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.