Lucene search

Redhat.comRH:CVE-2024-6104

HistoryJun 24, 2024 - 9:50 p.m.

CVE-2024-6104

2024-06-2421:50:10

redhat.com

access.redhat.com

cve-2024-6104

go-retryablehttp

sensitive information logging

http basic auth

log file

vulnerability

fix

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.

References

bugzilla.redhat.com/show_bug.cgi?id=2294000

nvd.nist.gov/vuln/detail/CVE-2024-6104

www.cve.org/CVERecord?id=CVE-2024-6104

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for RH:CVE-2024-6104