Lucene search

K
redhatcveRedhat.comRH:CVE-2024-6104
HistoryJun 24, 2024 - 9:50 p.m.

CVE-2024-6104

2024-06-2421:50:10
redhat.com
access.redhat.com
10
cve-2024-6104
go-retryablehttp
sensitive information logging
http basic auth
log file
vulnerability
fix

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0

Percentile

9.1%

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0

Percentile

9.1%