How severe is CVE-2024-28110?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-28110?

This is classified as CWE-522, which is a common weakness in software security.

CVE-2024-28110 - HIGH Severity | CVSS 7.5

Vulnerability Description

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When the transport is populated with an authenticated transport, then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to any endpoint it is used to contact. Version 2.15.2 patches this issue.

Related Vulnerabilities

CVE-2012-3823

HIGH

CVSS:7.5(High)

Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.

CWE-5222012

CVE-2012-6663

HIGH

CVSS:7.5(High)

General Electric D20ME devices are not properly configured and reveal plaintext passwords.

CWE-5222012

CVE-2013-2106

HIGH

CVSS:7.5(High)

webauth before 4.6.1 has authentication credential disclosure

CWE-5222013

CVE-2013-2672

HIGH

CVSS:7.5(High)

Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.

CWE-5222013

CVE-2013-3313

HIGH

CVSS:7.5(High)

The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can al...

CWE-5222013

CVE-2013-3620

HIGH

CVSS:7.5(High)

Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generati...

CWE-5222013