Home > Vulnerability Database > CVE-2024-45339

Mend.io Vulnerability Database

CVE-2024-45339

Good to know:

Date: January 27, 2025

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.

Severity Score

7.1

Related Resources (9)

Url: https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs

Url: https://pkg.go.dev/vuln/GO-2025-3372

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45339

Url: https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2

Url: https://github.com/golang/glog

Url: https://lists.debian.org/debian-lts-announce/2025/02/msg00019.html

Url: https://github.com/golang/glog/pull/74

Url: https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File

Url: https://www.mend.io/vulnerability-database/CVE-2024-45339

Severity Score

7.1

Weakness Type (CWE)

UNIX Symbolic Link (Symlink) Following

CWE-61

Insecure Temporary File

CWE-377

Top Fix

Upgrade Version

Upgrade to version github.com/golang/glog - v1.2.4

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45339

Good to know:

Date: January 27, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?