/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CVE-2024-23840

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-23840

Severity

5.5

Medium

CVSS V3

Summary

goreleaser release --debug shows secrets

Description

GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. goreleaser release --debug log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0.

References

  • https://images.chainguard.dev/security/CGA-fcxp-mjf3-h283
  • https://github.com/advisories/GHSA-h3q2-8whx-c29h
  • https://github.com/goreleaser/goreleaser/commit/d5b6a533ca1dc3366983d5d31ee2d2b6232b83c0
  • https://github.com/goreleaser/goreleaser/security/advisories/GHSA-h3q2-8whx-c29h

Affected packages

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal