SUSE CVE-2024-45336

🗓️ 20 Jan 2025 03:52:44Reported by Suse CVEType

SUSE CVE-2024-45336: HTTP client drops Authorization header after cross-domain redirects and may restore it on a later same-domain redirect.

Reporter	Title	Published	Views	Family All 661
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002.	2 May 202507:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz, Kubectl-1.22.4 and Websphere Liberty - 24.0.0.11 which is vulnerable to CVE-2025-27152, CVE-2024-47535, CVE-2024-24791, CVE-2024-45336, CVE-2024.	30 May 202513:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps	25 Jun 202513:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality	1 Sep 202511:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak	9 Jun 202519:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images	22 May 202506:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive header drop in Golang/net/http [CVE-2024-45336]	13 Jun 202516:21	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services before 4.6.20 shipped with IBM Cloud Pak for Business Automation iFixes for January 2026.	17 Mar 202617:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.	5 Jun 202506:12	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.	1 Sep 202514:35	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	go1.22	1.22.11-1.1	go1.22-1.22.11-1.1.noarch.rpm
OpenSUSE Leap	15.6	any	go1.22	1.22.11-150000.1.39.1	go1.22-1.22.11-150000.1.39.1.noarch.rpm
SUSE Linux Enterprise Desktop	15.6	any	go1.22	1.22.11-150000.1.39.1	go1.22-1.22.11-150000.1.39.1.noarch.rpm
SUSE Linux Enterprise Server	15.3	any	go1.22	1.22.11-150000.1.39.1	go1.22-1.22.11-150000.1.39.1.noarch.rpm
SUSE Linux Enterprise Server	15.4	any	go1.22	1.22.11-150000.1.39.1	go1.22-1.22.11-150000.1.39.1.noarch.rpm
SUSE Linux Enterprise Server	15.5	any	go1.22	1.22.11-150000.1.39.1	go1.22-1.22.11-150000.1.39.1.noarch.rpm
SUSE Linux Enterprise Server	15.6	any	go1.22	1.22.11-150000.1.39.1	go1.22-1.22.11-150000.1.39.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.3	any	go1.22	1.22.11-150000.1.39.1	go1.22-1.22.11-150000.1.39.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.4	any	go1.22	1.22.11-150000.1.39.1	go1.22-1.22.11-150000.1.39.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.5	any	go1.22	1.22.11-150000.1.39.1	go1.22-1.22.11-150000.1.39.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2024-45336
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1236045
bugzilla	www.bugzilla.suse.com/1236046
lists	www.lists.suse.com/pipermail/suse-liberty-linux-updates/2025-April/001034.html
lists	www.lists.suse.com/pipermail/sle-updates/2025-May/039374.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2025-January/020229.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2025-January/020228.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2025-January/020234.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2025-January/020248.html

20 May 2026 03:05Current

8.1High risk

Vulners AI Score8.1

CVSS 3.15.9

EPSS0.0062