
exploitDog


CVE-2024-45340

Published: 28 Jan 2025
Source: debian
EPSS: Low

Description

Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the user's .netrc file.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| golang-1.24 | fixed | 1.24~rc2-1 | | package |

Notes

  • https://go-review.googlesource.com/c/go/+/643097

  • https://github.com/golang/go/issues/71249

  • Fixed by: https://github.com/golang/go/commit/139d6eedae38f9e8bc81bb2c8c5c2c75d12853ab (master)

  • Fixed by: https://github.com/golang/go/commit/8336dfde7096ff75c1ff256cb3079863cefac33a (go1.24rc2)

  • Introduced after: https://github.com/golang/go/commit/8194d735cff90871b1ea5c92e83ddd50abdd4185 (go1.24rc1)

EPSS

Percentile: 35%
0.00142
Low

Related vulnerabilities

CVSS3: 8.8
ubuntu
12 months ago

Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the user's .netrc file.

CVSS3: 7.5
redhat
12 months ago

Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the user's .netrc file.

CVSS3: 8.8
nvd
12 months ago

Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the user's .netrc file.

CVSS3: 8.8
github
12 months ago

Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the user's .netrc file.

CVSS3: 7.1
fstec
about 1 year ago

Vulnerability in the GOAUTH function of the cmd/go component of the go library of the Golang programming language, allowing an attacker to gain unauthorized access to protected information
