Go GOAUTH Credential Leak Vulnerability

Vulnerability

The GOAUTH feature of the Go programming language's command-line tool did not properly isolate credentials by domain. This flaw allowed a malicious server to access credentials that should have been restricted. By default, this issue impacted credentials stored in the user's .netrc file.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive credentials, allowing malicious servers to request and potentially misuse credentials that belong to other domains.

Remediation

Users can upgrade to Go version 1.24.0-rc.2 or later, where this vulnerability has been fixed. Instructions for downloading this version are available on the Go website.
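The isolation property at issue, as an added Go example (not code from the Go project or from this advisory): a credential parsed from a .netrc file is released only when the request host exactly matches the record's machine name. The sample file contents, the host names and the functions parseNetrc and credentialsFor are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample .netrc; hosts and secrets are placeholders.
const sampleNetrc = `machine git.corp.example login alice password constructed-secret-1
machine proxy.corp.example login bob password constructed-secret-2
default login anonymous password none`

type netrcEntry map[string]string // keys: machine, login, password

// parseNetrc (hypothetical helper) reads machine/login/password records.
// Simplified: "default" names no host and is dropped; macdef is not handled.
func parseNetrc(data string) (out []netrcEntry) {
	f, scoped := strings.Fields(data), false
	for i := 0; i+1 < len(f); i++ {
		switch {
		case f[i] == "default":
			scoped = false
		case f[i] == "machine":
			out, scoped = append(out, netrcEntry{"machine": f[i+1]}), true
			i++
		case (f[i] == "login" || f[i] == "password") && scoped:
			out[len(out)-1][f[i]] = f[i+1]
			i++
		}
	}
	return out
}

// credentialsFor (hypothetical helper) returns a record only when the URL's
// host equals the machine name (case-insensitive); no suffix matching.
func credentialsFor(entries []netrcEntry, rawURL string) (netrcEntry, bool) {
	u, err := url.Parse(rawURL)
	for _, e := range entries {
		if err == nil && strings.EqualFold(e["machine"], u.Hostname()) {
			return e, true
		}
	}
	return nil, false
}

func main() {
	for _, e := range parseNetrc(sampleNetrc) {
		fmt.Println("credential stored for host:", e["machine"])
	}
}
```

Running parseNetrc over the contents of a real .netrc file lists the hosts whose stored credentials fall under this issue, without printing the secrets.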

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.