摘要:
Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file.
安全等级: Low
公告ID: KylinSec-SA-2025-1117
发布日期: 2025年2月17日
关联CVE: CVE-2024-45340
Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-45340 | KY3.4-5A | golang | Unaffected |
| CVE-2024-45340 | V6 | golang | Unaffected |
