CVE-2024-10524

GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs

CVSS 6.5 MEDIUM · EPSS 1.1% · CWE-918
In short

GNU Wget can be tricked into accessing unintended servers when users provide malicious credentials in shorthand URLs. This matters because attackers can bypass security controls and access internal systems or sensitive resources they shouldn't reach.

Technical detail

The SSRF vulnerability in GNU Wget occurs when an application passes user-controlled credentials via a shorthand URL without validating them. An attacker can craft credentials that alter the target host, bypassing URL restrictions and allowing access to arbitrary internal or external resources; this only applies where the application invokes Wget with user-supplied credentials.

Summary generated and translated by AI from the official description.
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host.
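As an added illustration of the defensive pattern the description implies (this is example code, not from the advisory or the Wget project): a Python wrapper that keeps user-supplied credentials out of the URL entirely, flags credentials containing authority delimiters, emits only a scheme-qualified (non-shorthand) URL, and re-parses what it built to confirm the host before invoking wget. The allow-listed host and the paths are constructed values.

```python
import subprocess
from urllib.parse import quote, urlsplit

# Constructed allow-list of hosts this application may fetch from.
ALLOWED_HOSTS = {"files.example.com"}
# Characters that let a credential reshape the authority part of a URL.
AUTHORITY_DELIMITERS = set("@:/?#\\")


def credential_has_authority_delimiters(value: str) -> bool:
    """True if a user-supplied credential contains characters that could end
    the userinfo early or start a new host, path or query inside a URL."""
    return any(ch in AUTHORITY_DELIMITERS for ch in value)


def build_wget_argv(host: str, path: str, username: str, password: str) -> list:
    """Build a wget command whose target cannot be changed by the credentials.

    The URL is always scheme-qualified (never the shorthand form), and the
    credentials never enter the URL: they are handed to wget via
    --user/--password, so '@', ':' or '/' inside them cannot alter the host.
    """
    host = host.lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not allowed: {host!r}")
    if not path.startswith("/"):
        raise ValueError("path must be absolute")
    # Percent-encode the path so it cannot introduce a second authority.
    url = f"https://{host}{quote(path, safe='/')}"
    # Re-parse what was built and confirm the authority is still the intended host.
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != host or parts.username is not None:
        raise ValueError("constructed URL does not target the intended host")
    # '--' ends option parsing so the URL can never be read as a flag.
    return ["wget", "--user", username, "--password", password, "--", url]


def fetch(host: str, path: str, username: str, password: str) -> int:
    """Run wget as an argv list (no shell); returns its exit status."""
    argv = build_wget_argv(host, path, username, password)
    return subprocess.run(argv, check=False).returncode
```

On a shared machine `--password` leaves the secret visible in the process list; wget's `--ask-password` option or a `.netrc` file avoids that while keeping credentials out of the URL.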
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Affected products
gnu · wget
