CVE-2024-6104
published 2024-06-24


Priority: P4 · 24 · medium
CVSS 3.1: 5.5 (AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N)
EPSS: 0.36% (27.8th percentile)

go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.

Affected

28 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-github-hashicorp-go-retryablehttp | | |
| github.com | hashicorp_go-retryablehttp | >= 0 < 0.7.7 | 0.7.7 |
| hashicorp | retryablehttp | < 0.7.7 | 0.7.7 |
| hashicorp | shared_library | < 0.7.7 | 0.7.7 |
| msrc | azl3_cert-manager_1.12.12-3 | | |
| msrc | azl3_influxdb_2.7.3-5 | | |
| msrc | azl3_influxdb_2.7.5-5 | | |
| msrc | azl3_keda_2.14.0-2 | | |
| msrc | azl3_keda_2.14.1-7 | | |
| msrc | azl3_libcontainers-common_20240213-2 | | |
| msrc | azl3_libcontainers-common_20240213-3 | | |
| msrc | azl3_packer_1.9.5-2 | | |
| msrc | azl3_packer_1.9.5-9 | | |
| msrc | azl3_prometheus_2.45.4-12 | | |
| msrc | azl3_prometheus_2.45.4-3 | | |
| msrc | azl3_skopeo_1.14.4-2 | | |
| msrc | azl3_skopeo_1.14.4-5 | | |
| msrc | azure_linux_3.0_arm | | |
| msrc | azure_linux_3.0_x64 | | |
| msrc | cbl2_cert-manager_1.11.2-12 | | |
| msrc | cbl2_cert-manager_1.11.2-22 | | |
| msrc | cbl2_cri-o_1.22.3-14 | | |
| msrc | cbl2_cri-o_1.22.3-6 | | |
| msrc | cbl2_influxdb_2.6.1-15 | | |
| msrc | cbl2_influxdb_2.6.1-22 | | |

CVSS provenance

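| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| ghsa | | 5.5 | MEDIUM | |
| osv | | 5.5 | MEDIUM | |
| vendor_debian | | 6.0 | MEDIUM | |
| vendor_redhat | | 6.0 | MEDIUM | |
| vendor_msrc | | 5.5 | MEDIUM | |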