Veracode Vulnerability Database: VERACODE:47728
History: Jun 25, 2024 - 5:18 a.m.

Information Disclosure

2024-06-25 05:18:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: vulnerability, github, credentials, log, improper sanitization, sensitive information

CVSS3: 6
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score: 6.4
Confidence: Low

github.com/hashicorp/go-retryablehttp is vulnerable to Information Disclosure. The vulnerability is due to improper sanitization of URLs when writing them to the log file, allowing an attacker to potentially access sensitive HTTP basic auth credentials.
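
The class of flaw described above, shown as an added example that is not code from go-retryablehttp or from this advisory: a URL carrying basic auth credentials is masked before it is logged, and existing log lines are checked for unmasked credentials. The helper names, host and credentials are constructed for illustration; url.URL.Redacted requires Go 1.15 or later.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// sanitizeForLog is a hypothetical helper (not part of go-retryablehttp).
// It returns a form of the URL that is safe to log: url.URL.Redacted
// replaces any basic auth password with "xxxxx".
func sanitizeForLog(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		// Do not echo an unparseable URL; it may still hold credentials.
		return "<unparseable URL>"
	}
	return u.Redacted()
}

// userinfoWithPassword matches scheme://user:password@ inside free text.
var userinfoWithPassword = regexp.MustCompile(
	`[a-zA-Z][a-zA-Z0-9+.-]*://[^/\s:@]+:[^/\s@]+@`)

// leaksCredentials reports whether a log line contains a URL with an
// unmasked password. The "xxxxx" mask written by Redacted is not flagged.
func leaksCredentials(line string) bool {
	for _, m := range userinfoWithPassword.FindAllString(line, -1) {
		if !strings.HasSuffix(m, ":xxxxx@") {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample URL; the credentials are placeholders.
	raw := "https://svc-user:s3cr3t@api.example.test/v1/items"

	unsafeLine := "[DEBUG] GET " + raw // what an unsanitized logger writes
	safeLine := "[DEBUG] GET " + sanitizeForLog(raw)

	fmt.Println(unsafeLine, "| leaks:", leaksCredentials(unsafeLine))
	fmt.Println(safeLine, "| leaks:", leaksCredentials(safeLine))
}
```

The same pattern can be run over existing log files to find lines written before a fix was deployed; any credentials found there should be rotated.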
