CVE-2024-45339

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-45339
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45339.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-45339
Aliases
Downstream
Related
Published
2025-01-28T01:03:24.105Z
Modified
2026-05-18T05:58:59.402742192Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Vulnerability when creating log files in github.com/golang/glog
Details

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45339.json",
    "cna_assigner": "Go"
}
References

Affected packages

Git / github.com/golang/glog

Affected ranges

Type
GIT
Repo
https://github.com/golang/glog
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a0e3c40a0ed0cecc58c84e7684d9ce55a54044ee
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.4"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

v1.*
v1.0.0
v1.1.0
v1.1.1
v1.1.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45339.json"