DirectorySecurity Advisories
Sign In
Security Advisories

CGA-rgvj-fgvg-j6cx

Published

Last updated

https://images.chainguard.dev/security/CGA-rgvj-fgvg-j6cx
Package

opentelemetry-collector

Latest Update
Fixed
Fixed Version

0.105.0-r0

Aliases
  • CVE-2024-6104
  • GHSA-v6v8-xj6m-xwqh

Severity

6.0

Medium

CVSS V3

Summary

go-retryablehttp can leak basic auth credentials to log files

Description

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images