go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
History

Thu, 31 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Gitops
CPEs cpe:/a:redhat:openshift_gitops:1.12::el8
cpe:/a:redhat:openshift_gitops:1.12::el9
Vendors & Products Redhat openshift Gitops

Thu, 24 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:logging:6.0::el9

Tue, 15 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat cluster Observability Operator
CPEs cpe:/a:redhat:cluster_observability_operator:0.4::el8
Vendors & Products Redhat cluster Observability Operator

Tue, 08 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:logging:5.6::el8

Tue, 08 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_data_foundation:4.13::el9

Fri, 04 Oct 2024 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_data_foundation:4.14::el9

Thu, 03 Oct 2024 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:logging:5.9::el9

Tue, 01 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el8

Thu, 26 Sep 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat logging
CPEs cpe:/a:redhat:logging:5.8::el9
Vendors & Products Redhat logging

Wed, 18 Sep 2024 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat multicluster Engine
CPEs cpe:/a:redhat:multicluster_engine:2.5::el8
Vendors & Products Redhat multicluster Engine

Fri, 06 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9

Fri, 30 Aug 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat advanced Cluster Security
CPEs cpe:/a:redhat:advanced_cluster_security:4.4::el8
Vendors & Products Redhat advanced Cluster Security

Tue, 20 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.2

Mon, 19 Aug 2024 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Data Foundation
CPEs cpe:/a:redhat:openshift:4.12::el8
cpe:/a:redhat:openshift_data_foundation:4.16::el9
Vendors & Products Redhat openshift Data Foundation

Tue, 13 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8
Vendors & Products Redhat enterprise Linux

Mon, 12 Aug 2024 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:8.8
Vendors & Products Redhat rhel Eus

MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2024-06-24T17:06:21.150Z

Updated: 2024-08-01T21:33:04.395Z

Reserved: 2024-06-17T22:19:58.680Z

Link: CVE-2024-6104

Vulnrichment

Updated: 2024-08-01T21:33:04.395Z

NVD

Status: Analyzed

Published: 2024-06-24T17:15:11.087

Modified: 2024-06-26T17:19:40.850

Link: CVE-2024-6104

Redhat

Severity: Moderate

Public Date: 2024-06-24T00:00:00Z

Links: CVE-2024-6104 - Bugzilla