go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

openSUSE Security Advisory (SUSE-SU-2024:3288-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:3288-1 Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus fixes the following issues: - Require Go 1.20 for building - Bump go-retryablehttp to version 0.7.7 CVE-2024-6104, bsc1227038 - Migrate from disabled to manual service mode - Add0003-Bump-go-retryablehttp.patch - Update to 2.45.6 jscPED-3577:...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.36 security update

Red Hat OpenShift Container Platform release 4.14.36 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2024-708)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-708 advisory. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to...

Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2024-2630)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300044.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2630 advisory. Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...

Important: amazon-cloudwatch-agent

Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...

Important: amazon-cloudwatch-agent

Issue Overview: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability CVE-2024-35255 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows...

AlmaLinux 9 : podman (ALSA-2024:6194)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6194 advisory. golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 go-retryablehttp: url might write sensitive...

go-retryablehttp: url might write sensitive information to log file

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.10 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.10 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm...

RHEL 9 : podman (RHSA-2024:6194)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6194 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...

ALSA-2024:6194 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm...

ROS-20240902-12

The vulnerability in the retryablehttp package is related to the lack of purging cleared URLs when writing them to its log file. Exploitation of the vulnerability could allow an attacker to obtain sensitive credentials HTTP basic authentication credentials...

ROS-20240902-16

The vulnerability in the retryablehttp package is related to the lack of purging cleared URLs when writing them to its log file. Exploitation of the vulnerability could allow an attacker to obtain sensitive credentials HTTP basic authentication credentials A vulnerability in the net/http module o...

SUSE-SU-2024:3062-1 Security update for podman

This update for podman fixes the following issues: - CVE-2024-6104: Fixed sensitive information disclosure in log files in go-retryablehttp bsc1227052...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.64 security update

Red Hat OpenShift Container Platform release 4.12.64 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...