Home > Vulnerability Database > CVE-2024-45340

Mend.io Vulnerability Database

CVE-2024-45340

Date: January 27, 2025

Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file.

Severity Score

8.8

Related Resources (6)

Url: https://pkg.go.dev/vuln/GO-2025-3383

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45340

Url: https://go.dev/issue/71249

Url: https://go.dev/cl/643097

Url: https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ

Url: https://www.mend.io/vulnerability-database/CVE-2024-45340

Severity Score

8.8

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45340

Date: January 27, 2025

Severity Score

Related Resources (6)

Severity Score

CVSS v3.1

Do you need more information?