CVE-2024-10524

{"id": "CVE-2024-10524", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "reefs@jfrog.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.2}]}, "published": "2024-11-19T15:15:06.740", "references": [{"url": "https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778", "source": "reefs@jfrog.com"}, {"url": "https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/", "source": "reefs@jfrog.com"}, {"url": "https://seclists.org/oss-sec/2024/q4/107", "source": "reefs@jfrog.com"}, {"url": "http://www.openwall.com/lists/oss-security/2024/11/18/6", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20250321-0007/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "reefs@jfrog.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host."}, {"lang": "es", "value": "Las aplicaciones que utilizan Wget para acceder a un recurso remoto mediante URL abreviadas y pasan credenciales de usuario arbitrarias en la URL son vulnerables. En estos casos, los atacantes pueden introducir credenciales creadas que har\u00e1n que Wget acceda a un host arbitrario."}], "lastModified": "2025-03-21T18:15:32.323", "sourceIdentifier": "reefs@jfrog.com"}