go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7. https://discuss.hashicorp.com/c/security
Created doctl tracking bugs for this issue: Affects: fedora-all [bug 2294002] Created golang-github-acme-lego tracking bugs for this issue: Affects: fedora-all [bug 2294003] Created golang-github-hashicorp-retryablehttp tracking bugs for this issue: Affects: fedora-all [bug 2294004] Created golang-github-moby-buildkit tracking bugs for this issue: Affects: fedora-all [bug 2294005] Created grafana tracking bugs for this issue: Affects: fedora-all [bug 2294006] Created opentofu tracking bugs for this issue: Affects: fedora-all [bug 2294007] Created osbuild-composer tracking bugs for this issue: Affects: fedora-all [bug 2294008] Created podman tracking bugs for this issue: Affects: fedora-all [bug 2294009] Created skopeo tracking bugs for this issue: Affects: fedora-all [bug 2294010] Created stargz-snapshotter tracking bugs for this issue: Affects: fedora-all [bug 2294011] Created trivy tracking bugs for this issue: Affects: fedora-all [bug 2294012] Created vagrant tracking bugs for this issue: Affects: fedora-all [bug 2294013] Created vultr-cli tracking bugs for this issue: Affects: fedora-all [bug 2294014]
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:4316 https://access.redhat.com/errata/RHSA-2024:4316
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:4321 https://access.redhat.com/errata/RHSA-2024:4321
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:4479 https://access.redhat.com/errata/RHSA-2024:4479
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:4613 https://access.redhat.com/errata/RHSA-2024:4613
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:4699 https://access.redhat.com/errata/RHSA-2024:4699
This issue has been addressed in the following products: RHOSS-1.33-RHEL-8 Via RHSA-2024:4872 https://access.redhat.com/errata/RHSA-2024:4872
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:4853 https://access.redhat.com/errata/RHSA-2024:4853
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:4858 https://access.redhat.com/errata/RHSA-2024:4858
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:4846 https://access.redhat.com/errata/RHSA-2024:4846
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:4848 https://access.redhat.com/errata/RHSA-2024:4848
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:4965 https://access.redhat.com/errata/RHSA-2024:4965
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:4960 https://access.redhat.com/errata/RHSA-2024:4960
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:4963 https://access.redhat.com/errata/RHSA-2024:4963
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:5194 https://access.redhat.com/errata/RHSA-2024:5194
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5258 https://access.redhat.com/errata/RHSA-2024:5258
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:5107 https://access.redhat.com/errata/RHSA-2024:5107
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:5160 https://access.redhat.com/errata/RHSA-2024:5160
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:5199 https://access.redhat.com/errata/RHSA-2024:5199
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:5200 https://access.redhat.com/errata/RHSA-2024:5200
This issue has been addressed in the following products: RHODF-4.16-RHEL-9 Via RHSA-2024:5547 https://access.redhat.com/errata/RHSA-2024:5547
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:5634 https://access.redhat.com/errata/RHSA-2024:5634
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:5433 https://access.redhat.com/errata/RHSA-2024:5433
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:5444 https://access.redhat.com/errata/RHSA-2024:5444
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Ironic content for Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:5446 https://access.redhat.com/errata/RHSA-2024:5446
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:5808 https://access.redhat.com/errata/RHSA-2024:5808
This issue has been addressed in the following products: Red Hat Advanced Cluster Security 4.4 Via RHSA-2024:6054 https://access.redhat.com/errata/RHSA-2024:6054
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:6004 https://access.redhat.com/errata/RHSA-2024:6004
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:6194 https://access.redhat.com/errata/RHSA-2024:6194
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:6009 https://access.redhat.com/errata/RHSA-2024:6009
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:6409 https://access.redhat.com/errata/RHSA-2024:6409
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:6406 https://access.redhat.com/errata/RHSA-2024:6406
This issue has been addressed in the following products: multicluster engine for Kubernetes 2.5 for RHEL 8 multicluster engine for Kubernetes 2.5 for RHEL 9 Via RHSA-2024:6738 https://access.redhat.com/errata/RHSA-2024:6738
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:6642 https://access.redhat.com/errata/RHSA-2024:6642
This issue has been addressed in the following products: RHODF-4.16-RHEL-9 Via RHSA-2024:6755 https://access.redhat.com/errata/RHSA-2024:6755
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:6811 https://access.redhat.com/errata/RHSA-2024:6811
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2024:3722 https://access.redhat.com/errata/RHSA-2024:3722
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:7184 https://access.redhat.com/errata/RHSA-2024:7184
This issue has been addressed in the following products: RHODF-4.14-RHEL-9 Via RHSA-2024:7624 https://access.redhat.com/errata/RHSA-2024:7624
This issue has been addressed in the following products: RHODF-4.13-RHEL-9 Via RHSA-2024:7744 https://access.redhat.com/errata/RHSA-2024:7744
This issue has been addressed in the following products: CLUSTER-OBSERVABILITY-OPERATOR-0.4-RHEL-8 Via RHSA-2024:8040 https://access.redhat.com/errata/RHSA-2024:8040