CVE-2024-28110
ADVISORY - github
Summary
Impact
What kind of vulnerability is it? Who is impacted?
Using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints.
The relevant code is here (also inline, emphasis added):
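    if p.Client == nil {
        p.Client = http.DefaultClient // emphasized in the advisory: the shared default client is adopted
    }
    if p.roundTripper != nil {
        p.Client.Transport = p.roundTripper // emphasized in the advisory: its Transport is overwritten
    }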
When the transport is populated with an authenticated transport such as:
... then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to any endpoint it is used to contact!
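The effect described above, reproduced as an added example using only the Go standard library (it is not the go-sdk's code and not part of the advisory). The names authTransport, vulnerableClient, isolatedClient and observedAuth are hypothetical, and the token is a constructed value; the second constructor shows one way to avoid the leak by giving the transport its own http.Client.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// authTransport: hypothetical authenticated RoundTripper, constructed for this example.
type authTransport struct{ token string }
func (a authTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	r = r.Clone(r.Context()) // a RoundTripper must not mutate the caller's request
	r.Header.Set("Authorization", "Bearer "+a.token)
	return http.DefaultTransport.RoundTrip(r)
}

// vulnerableClient mirrors the advisory's pattern: adopt http.DefaultClient, overwrite Transport.
func vulnerableClient(rt http.RoundTripper) *http.Client {
	c := http.DefaultClient // shared, process-wide pointer
	c.Transport = rt
	return c
}

// isolatedClient gives the transport its own http.Client; the default stays untouched.
func isolatedClient(rt http.RoundTripper) *http.Client {
	return &http.Client{Transport: rt}
}

// observedAuth builds a client, then sends an unrelated http.Get (which uses http.DefaultClient)
// to a local server and returns the Authorization header it saw; the default is restored on return.
func observedAuth(build func(http.RoundTripper) *http.Client) string {
	defer func(t http.RoundTripper) { http.DefaultClient.Transport = t }(http.DefaultClient.Transport)
	seen := make(chan string, 1)
	srv := httptest.NewServer(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		seen <- r.Header.Get("Authorization")
	}))
	defer srv.Close()
	build(authTransport{token: "constructed-token"})
	resp, err := http.Get(srv.URL)
	if err != nil {
		return "error: " + err.Error()
	}
	resp.Body.Close()
	return <-seen
}

func main() {
	fmt.Printf("vulnerable client built: %q\n", observedAuth(vulnerableClient))
	fmt.Printf("isolated client built:   %q\n", observedAuth(isolatedClient))
}
```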
Found and patched by: @tcnghia and @mattmoor
Patches
v.2.15.2
EPSS Score: 0.00137 (0.341)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Insufficiently Protected Credentials
ADVISORY - gitlab
ADVISORY - redhat
Insufficiently Protected Credentials