​
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-4847-vww5-7f48

Published

Last updated

https://images.chainguard.dev/security/CGA-4847-vww5-7f48
Package

flux-source-controller

Latest Update
Fixed
Fixed Version

1.3.0-r4

Aliases
  • CVE-2024-6104
  • GHSA-v6v8-xj6m-xwqh

Severity

6.0

Medium

CVSS V3

Summary

go-retryablehttp can leak basic auth credentials to log files

Description

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images