Improper Credential Segmentation in Go's GOAUTH Feature Affects Users
CVE-2024-45340

8.8HIGH

Key Information:

Vendor: Go Toolchain
Status: Cmd/go
Vendor: CVE Published:; 28 January 2025

🔔 Create Go Toolchain Vulnerability Alert

What is CVE-2024-45340?

A security flaw in the GOAUTH feature of the Go programming language allows malicious servers to access user credentials improperly. This occurs because credentials are not correctly isolated by domain, potentially permitting unauthorized requests for sensitive information. By default, this issue primarily impacts credentials stored in the user's .netrc file, increasing the risk of unauthorized access. Developers using Go should review their configurations and ensure proper domain segmentation to safeguard user credentials.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

cmd/go 1.24.0-0 < 1.24.0-rc.2

References

https://go.dev/cl/643097

https://go.dev/issue/71249

https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Aug 27, 2024

Credit

Juho Forsén of Mattermost

JSON

Go Toolchain

What is CVE-2024-45340?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.