go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
References
Link | Resource |
---|---|
https://discuss.hashicorp.com/c/security | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: HashiCorp
Published: 2024-06-24T17:06:21.150Z
Updated: 2024-06-24T19:19:28.773Z
Reserved: 2024-06-17T22:19:58.680Z
Link: CVE-2024-6104
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-06-24T17:15:11.087
Modified: 2024-06-26T17:19:40.850
Link: CVE-2024-6104
JSON object: View
Redhat Information
No data.
CWE