CVE-2024-40636
The CVE concerns Steeltoe.Discovery.Eureka where DiscoveryClient logs may leak basic-auth credentials because Eureka server URLs are not fully masked when FetchRegistry fails. Affects Steeltoe.Discovery.Eureka (and related packages) with multiple Eureka URLs and basic auth; root cause is logging ...