CVE-2024-6104

EUVD-2024-2173
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
hashicorpretryablehttp
𝑥
< 0.7.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-github-hashicorp-go-retryablehttp
bookworm
no-dsa
bullseye
no-dsa
forky
vulnerable
sid
vulnerable
trixie
no-dsa
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cosign
suse enterprise desktop 15 SP6
2.5.0-150400.3.27.1
fixed
suse enterprise desktop 15 SP7
2.5.0-150400.3.27.1
fixed
suse enterprise sap 15 SP6
2.5.0-150400.3.27.1
fixed
suse enterprise sap 15 SP7
2.5.0-150400.3.27.1
fixed
suse enterprise server 15 SP4
2.5.0-150400.3.27.1
fixed
suse enterprise server 15 SP5
2.5.0-150400.3.27.1
fixed
suse enterprise server 15 SP6
2.5.0-150400.3.27.1
fixed
suse enterprise server 15 SP7
2.5.0-150400.3.27.1
fixed
cosign-bash-completion
suse enterprise desktop 15 SP7
2.5.0-150400.3.27.1
fixed
suse enterprise sap 15 SP7
2.5.0-150400.3.27.1
fixed
suse enterprise server 15 SP7
2.5.0-150400.3.27.1
fixed
cosign-zsh-completion
suse enterprise desktop 15 SP7
2.5.0-150400.3.27.1
fixed
suse enterprise sap 15 SP7
2.5.0-150400.3.27.1
fixed
suse enterprise server 15 SP7
2.5.0-150400.3.27.1
fixed
podman
suse enterprise sap 15 SP5
4.9.5-150500.3.18.1
fixed
suse enterprise sap 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.40.1
fixed
suse enterprise server 15 SP3
4.9.5-150300.9.49.2
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.47.2
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.40.1
fixed
podman-docker
suse enterprise sap 15 SP5
4.9.5-150500.3.18.1
fixed
suse enterprise sap 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.40.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.47.2
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.40.1
fixed
podman-remote
suse enterprise sap 15 SP5
4.9.5-150500.3.18.1
fixed
suse enterprise sap 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.40.1
fixed
suse enterprise server 15 SP3
4.9.5-150300.9.49.2
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.47.2
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.40.1
fixed
podmansh
suse enterprise sap 15 SP5
4.9.5-150500.3.18.1
fixed
suse enterprise sap 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.40.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.40.1
fixed
rekor
suse enterprise desktop 15 SP6
1.3.10-150400.4.25.1
fixed
suse enterprise desktop 15 SP7
1.3.10-150400.4.25.1
fixed
suse enterprise sap 15 SP6
1.3.10-150400.4.25.1
fixed
suse enterprise sap 15 SP7
1.3.10-150400.4.25.1
fixed
suse enterprise server 15 SP4
1.3.10-150400.4.25.1
fixed
suse enterprise server 15 SP5
1.3.10-150400.4.25.1
fixed
suse enterprise server 15 SP6
1.3.10-150400.4.25.1
fixed
suse enterprise server 15 SP7
1.3.10-150400.4.25.1
fixed
skopeo
suse enterprise desktop 15 SP6
1.14.4-150300.11.16.1
fixed
suse enterprise desktop 15 SP7
1.14.4-150300.11.16.1
fixed
suse enterprise sap 15 SP6
1.14.4-150300.11.16.1
fixed
suse enterprise sap 15 SP7
1.14.4-150300.11.16.1
fixed
suse enterprise server 15 SP4
1.14.4-150300.11.16.1
fixed
suse enterprise server 15 SP6
1.14.4-150300.11.16.1
fixed
suse enterprise server 15 SP7
1.14.4-150300.11.16.1
fixed
skopeo-bash-completion
suse enterprise desktop 15 SP6
1.14.4-150300.11.16.1
fixed
suse enterprise desktop 15 SP7
1.14.4-150300.11.16.1
fixed
suse enterprise sap 15 SP6
1.14.4-150300.11.16.1
fixed
suse enterprise sap 15 SP7
1.14.4-150300.11.16.1
fixed
suse enterprise server 15 SP6
1.14.4-150300.11.16.1
fixed
suse enterprise server 15 SP7
1.14.4-150300.11.16.1
fixed
skopeo-zsh-completion
suse enterprise desktop 15 SP6
1.14.4-150300.11.16.1
fixed
suse enterprise desktop 15 SP7
1.14.4-150300.11.16.1
fixed
suse enterprise sap 15 SP6
1.14.4-150300.11.16.1
fixed
suse enterprise sap 15 SP7
1.14.4-150300.11.16.1
fixed
suse enterprise server 15 SP6
1.14.4-150300.11.16.1
fixed
suse enterprise server 15 SP7
1.14.4-150300.11.16.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
grafana
RHEL 9
0:10.2.6-4.el9
fixed
grafana-selinux
RHEL 9
0:10.2.6-4.el9
fixed
podman
RHEL 9
4:4.9.4-10.el9_4
fixed
podman-docker
RHEL 9
4:4.9.4-10.el9_4
fixed
podman-plugins
RHEL 9
4:4.9.4-10.el9_4
fixed
podman-remote
RHEL 9
4:4.9.4-10.el9_4
fixed
podman-tests
RHEL 9
4:4.9.4-10.el9_4
fixed
skopeo
RHEL 9
2:1.16.1-1.el9
fixed
skopeo-tests
RHEL 9
2:1.16.1-1.el9
fixed
Common Weakness Enumeration
References
https://discuss.hashicorp.com/c/security
https://discuss.hashicorp.com/c/security