​
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-w7pc-vv6c-4fmm

Published

Last updated

https://images.chainguard.dev/security/CGA-w7pc-vv6c-4fmm
Package

opentelemetry-collector-contrib-fips

Latest Update
Fixed
Fixed Version

0.102.0-r2

Aliases
  • CVE-2024-6104
  • GHSA-v6v8-xj6m-xwqh

Severity

6.0

Medium

CVSS V3

Summary

go-retryablehttp can leak basic auth credentials to log files

Description

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images