​
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-rhq3-96hj-736x

Published

Last updated

https://images.chainguard.dev/security/CGA-rhq3-96hj-736x
Package

tekton-chains-fips

Latest Update
Fixed
Fixed Version

0.21.1-r2

Aliases
  • CVE-2024-6104
  • GHSA-v6v8-xj6m-xwqh

Severity

6.0

Medium

CVSS V3

Summary

go-retryablehttp can leak basic auth credentials to log files

Description

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images