88 matches found
AZL-42898 CVE-2024-6104 affecting package prometheus for versions less than 2.45.4-3
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
UBUNTU-CVE-2024-6104
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
CVE-2024-6104
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
CVE-2024-6104 go-retryablehttp can leak basic auth credentials to log files
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
CVE-2024-6104
CVE-2024-6104 affects go-retryablehttp prior to 0.7.7, where URLs were not sanitized when written to log files, allowing sensitive HTTP basic-auth credentials to be exposed in logs. The vulnerability is mitigated by upgrading to go-retryablehttp 0.7.7 or later. Several connected advisories refere...
CVE-2024-6104 go-retryablehttp can leak basic auth credentials to log files
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
HashiCorp go-retryablehttp Log Information Disclosure Vulnerability
go-retryablehttp is a retryable HTTP client in Go open-sourced by HashiCorp. A security vulnerability exists in Hashicorp go-retryablehttp versions prior to 0.7.7, which stems from failure to clean up a URL when writing it to a log file, resulting in sensitive HTTP basic authentication credential...
PT-2024-5887 · Unknown +7 · Go-Retryablehttp +7
Name of the Vulnerable Software and Affected Versions: go-retryablehttp versions prior to 0.7.7 Description: The issue is related to the lack of sanitization of URLs when writing them to the log file. This could allow an attacker to obtain confidential HTTP basic authentication credentials...