Updated: 2026-02-08 02:32:24.027794
Description:
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5.8 |
| CVSS Version 3.x | MEDIUM | 6.1 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | wget | 1.21.1 | 6.1 | MEDIUM | Ignored | 2023-11-08 04:07:46 | Low practical risk: the issue only manifests when wget is used with an Authorization header and the ... | |
| CentOS 6 ELS | wget | 1.12 | 6.1 | MEDIUM | Ignored | 2021-11-02 14:03:19 | The CVE is disputed as a vulnerability and as of 2024 there is no upstream fix | |
| CentOS 7 ELS | wget | 1.14 | 6.1 | MEDIUM | Ignored | 2023-09-19 09:30:10 | Ignored due to low severity | |
| CentOS 8.4 ELS | wget | 1.19.5 | 6.1 | MEDIUM | Ignored | 2022-02-04 02:37:32 | Ignored due to low severity | |
| CentOS 8.5 ELS | wget | 1.19.5 | 6.1 | MEDIUM | Ignored | 2022-02-10 08:36:20 | Ignored due to low severity | |
| CloudLinux 6 ELS | wget | 1.12 | 6.1 | MEDIUM | Ignored | 2021-11-02 14:03:19 | The CVE is disputed as a vulnerability and as of 2024 there is no upstream fix | |
| Debian 10 ELS | wget | 1.20.1 | 6.1 | MEDIUM | Ignored | 2025-10-11 00:18:12 | Ignored due to low severity | |
| Oracle Linux 6 ELS | wget | 1.12 | 6.1 | MEDIUM | Ignored | 2021-11-02 14:03:19 | The CVE is disputed as a vulnerability and as of 2024 there is no upstream fix | |
| Ubuntu 16.04 ELS | wget | 1.17.1-1 | 6.1 | MEDIUM | Ignored | 2024-05-08 10:40:21 | The CVE is disputed as a vulnerability and as of 2024 there is no upstream fix | |
| Ubuntu 18.04 ELS | wget | 1.19.4-1 | 6.1 | MEDIUM | Ignored | 2023-07-10 04:00:16 | Ignored due to low severity |