4 matches found
CVE-2024-23840 vulnerabilities
Vulnerabilities for packages: goreleaser...
CVE-2024-23840 vulnerabilities
Vulnerabilities for packages: goreleaser...
CVE-2024-23840
GoReleaser (the goreleaser tool) is affected by CVE-2024-23840: when using a custom publisher, the --debug log can print secret values (e.g., environment secrets) in the output, potentially leaking sensitive data. The issue is documented across multiple feeds (including NVD and related advisories...
CVE-2024-23840 `goreleaser release --debug` shows secrets
GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. goreleaser release --debug log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0...