CVE-2024-6104
CVSS V2 None
CVSS V3 None
Description
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
Overview
- CVE ID
- CVE-2024-6104
- Assigner
- HashiCorp
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-06-24T17:06:21.150Z
- Last Modified Date
- 2024-06-24T19:19:28.773Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://discuss.hashicorp.com/c/security |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-6104 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6104 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 17:39:49 | Added to TrackCVE |