CVE-2019-3500

Name of the Vulnerable Software and Affected Versions aria2 version 1.33.1

Description The issue is related to the aria2c component in the aria2 utility, which can lead to information disclosure through log files. When the --log option is used, aria2c can store an HTTP Basic Authentication username and password in a file. This might allow local users to obtain sensitive information by reading this file. The exploitation of this issue may allow an attacker to gain unauthorized access to protected information.

Recommendations For aria2 version 1.33.1, consider disabling the --log option to prevent sensitive information from being stored in log files until a fix is available. Restrict access to log files generated by aria2c to minimize the risk of exploitation. Avoid using the username and password in the affected log files until the issue is resolved.