vulnerability
SUSE: CVE-2023-45285: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | 12/06/2023 | 12/12/2023 | 01/28/2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
12/06/2023
Added
12/12/2023
Modified
01/28/2025
Description
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).
Solution(s)
suse-upgrade-go1-20suse-upgrade-go1-20-docsuse-upgrade-go1-20-opensslsuse-upgrade-go1-20-openssl-docsuse-upgrade-go1-20-openssl-racesuse-upgrade-go1-20-racesuse-upgrade-go1-21suse-upgrade-go1-21-docsuse-upgrade-go1-21-opensslsuse-upgrade-go1-21-openssl-docsuse-upgrade-go1-21-openssl-racesuse-upgrade-go1-21-race
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.