- Vulnerability/
- USN-7362-1
USN-7362-1: go-gh vulnerability
First published: Thu Mar 20 2025(Updated: )
It was discovered that go-gh incorrectly handled authentication tokens. An attacker could possibly use this issue to leak authentication tokens to the wrong host. (CVE-2024-53859)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/golang-github-cli-go-gh-v2-dev | <2.6.0-1ubuntu0.24.10.1 | 2.6.0-1ubuntu0.24.10.1 |
| Ubuntu | =24.10 | |
| All of | ||
| ubuntu/golang-github-cli-go-gh-v2-dev | <2.6.0-1ubuntu0.24.04.1~esm1 | 2.6.0-1ubuntu0.24.04.1~esm1 |
| Ubuntu | =24.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of USN-7362-1?
USN-7362-1 is categorized as a potential security vulnerability affecting authentication tokens.
How do I fix USN-7362-1?
To mitigate the issue in USN-7362-1, update to the fixed package versions 2.6.0-1ubuntu0.24.10.1 or 2.6.0-1ubuntu0.24.04.1~esm1.
Which versions of Ubuntu are affected by USN-7362-1?
USN-7362-1 affects Ubuntu 24.10 and 24.04 for the specified package versions.
What is the underlying cause of USN-7362-1?
USN-7362-1 was caused by an incorrect handling of authentication tokens in the go-gh package.
What CVE is associated with USN-7362-1?
USN-7362-1 is associated with CVE-2024-53859.
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/references
- agent/source
- agent/title
- agent/softwarecombine
- agent/tags
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/24.10
- version/ubuntu/24.04