CVE-2021-31879

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

CVSS v3 6.1 MEDIUM
CVSS v2.0 5.8 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html	Mailing List Vendor Advisory
https://security.netapp.com/advisory/ntap-20210618-0002/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*

History

13 May 2022, 20:52

Type	Values Removed	Values Added
CPE		cpe:2.3:a:netapp:cloud_backup:-:::::::* cpe:2.3:h:netapp:500f:-:::::::* cpe:2.3:o:netapp:500f_firmware:-:::::::* cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:::::::* cpe:2.3:h:netapp:a250:-:::::::* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::* cpe:2.3:o:netapp:a250_firmware:-:::::::*
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20210618-0002/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20210618-0002/ - Third Party Advisory

18 Jun 2021, 10:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20210618-0002/ -

Information

Published : 2021-04-29 05:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-31879

Mitre link : CVE-2021-31879

CVE.ORG link : CVE-2021-31879

JSON object : View

Products Affected

broadcom

brocade_fabric_operating_system_firmware

netapp

a250
a250_firmware
ontap_select_deploy_administration_utility
500f
cloud_backup
500f_firmware

gnu

wget

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

6.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

5.8 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2021-31879

6.1^/10

5.8^/10

Attach tags to `CVE-2021-31879`