VDB

RHSA-2024%3A4469

RHSA-2024%3A4469 PUBLISHED CVSS 6 MEDIUM

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.

Risk Scores

CVSS 3.1
6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-csi-snapshot-controller-rhel9@sha256:9d0e4356b2ef927ce37dc4b5530b5d17e10e1bdea3f17d76ce2d08a1de5ab15c_s390x as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-csi-snapshot-controller-rhel9@sha256:9d0e4356b2ef927ce37dc4b5530b5d17e10e1bdea3f17d76ce2d08a1de5ab15c_s390x
Red Hatopenshift4/azure-kms-encryption-provider-rhel9@sha256:8920af697acaa1c0fa7e169d7b85caf80bdebb9fe4cb03bcae63704bbc85f2f1_s390x as a component of Red Hat OpenShift Container Platform 4.16openshift4/azure-kms-encryption-provider-rhel9@sha256:8920af697acaa1c0fa7e169d7b85caf80bdebb9fe4cb03bcae63704bbc85f2f1_s390x
Red Hatopenshift4/ose-cluster-capi-rhel9-operator@sha256:ae678044607c913aa0ef55ee138e883d92d3b7e5aa38a9b47cdc5b3f574f1cc7_s390x as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-cluster-capi-rhel9-operator@sha256:ae678044607c913aa0ef55ee138e883d92d3b7e5aa38a9b47cdc5b3f574f1cc7_s390x
Red Hatopenshift4/ose-baremetal-rhel9-operator@sha256:a4df54ac34c167f204d3f7fe6d94dc319e4a3da9eeb239753c4aeb1e1ebfcce3_arm64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-baremetal-rhel9-operator@sha256:a4df54ac34c167f204d3f7fe6d94dc319e4a3da9eeb239753c4aeb1e1ebfcce3_arm64
Red Hatopenshift4/ose-csi-driver-shared-resource-webhook-rhel9@sha256:6c448534b25498d9142bc603984cbc082ca0bd781ab74295256b66e2fcd6aee8_ppc64le as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-csi-driver-shared-resource-webhook-rhel9@sha256:6c448534b25498d9142bc603984cbc082ca0bd781ab74295256b66e2fcd6aee8_ppc64le
Red Hatopenshift4/ose-cloud-credential-rhel9-operator@sha256:0aafc5e855be2ad417ff92952ecaf1b118777149265dd8aba77bcb4a498a9bcd_s390x as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-cloud-credential-rhel9-operator@sha256:0aafc5e855be2ad417ff92952ecaf1b118777149265dd8aba77bcb4a498a9bcd_s390x
Red Hatopenshift4/ose-csi-driver-shared-resource-rhel9-operator@sha256:66ce6d32d558a35dc1bac68e09c07d35a2119160e1c63c6dfec7a9e8c93c3955_s390x as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-csi-driver-shared-resource-rhel9-operator@sha256:66ce6d32d558a35dc1bac68e09c07d35a2119160e1c63c6dfec7a9e8c93c3955_s390x
Red Hatopenshift4/ose-cluster-baremetal-operator-rhel9@sha256:1f5160359bc4388ca6e2a179e977c84701829e667f78d8d55e353a08d92da58a_amd64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-cluster-baremetal-operator-rhel9@sha256:1f5160359bc4388ca6e2a179e977c84701829e667f78d8d55e353a08d92da58a_amd64
Red Hatopenshift4/ose-ibm-vpc-block-csi-driver-rhel9-operator@sha256:1469b153f43195a3a945452797a9f470c3df93b606603bd2599d443cac4be08b_amd64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatopenshift4/ose-tests-rhel9@sha256:fb714aca4ac6e57e1ec48373e2f7ee50ca893c027304a1eeaf6ab1df29df77e7_arm64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-tests-rhel9@sha256:fb714aca4ac6e57e1ec48373e2f7ee50ca893c027304a1eeaf6ab1df29df77e7_arm64
Red Hatopenshift4/ose-olm-rukpak-rhel9@sha256:0836d1bbb71ed00dafdbe4c0d3974f988b6ef930e1ca8b0779e3f252a20ab200_arm64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-olm-rukpak-rhel9@sha256:0836d1bbb71ed00dafdbe4c0d3974f988b6ef930e1ca8b0779e3f252a20ab200_arm64
Red Hatopenshift4/ovirt-csi-driver-rhel9@sha256:194353cabce2bfbf7fffc89992d1bbd633777dbbd1c61a0dfdf900d34647e273_ppc64le as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatopenshift4/ose-tools-rhel9@sha256:e51c6e89b7c7212232c6629fd375415af81862e886d3e23e2382338be83bef41_ppc64le as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-tools-rhel9@sha256:e51c6e89b7c7212232c6629fd375415af81862e886d3e23e2382338be83bef41_ppc64le
Red Hatopenshift4/ose-kube-rbac-proxy-rhel9@sha256:5ab9898e1a83887cc4ad2c96a65c8a923b8d84db5546a7d83896762e877cdd89_ppc64le as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-kube-rbac-proxy-rhel9@sha256:5ab9898e1a83887cc4ad2c96a65c8a923b8d84db5546a7d83896762e877cdd89_ppc64le
Red Hatopenshift4/ose-csi-driver-nfs-rhel9@sha256:7c35ad0b7688198e8e3b243f0b7e08c8bae9abfc6bee869717a0b2d39b8b9e54_ppc64le as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatopenshift4/egress-router-cni-rhel9@sha256:4d7437098608e8793f1a09e3e125f0a327e1f96cb98740960a50224204fa2540_ppc64le as a component of Red Hat OpenShift Container Platform 4.16openshift4/egress-router-cni-rhel9@sha256:4d7437098608e8793f1a09e3e125f0a327e1f96cb98740960a50224204fa2540_ppc64le
Red Hatopenshift4/ose-oauth-apiserver-rhel9@sha256:4c6719ff6521f0caa2b8324ced5fa0d12c0cf5a50d64279c87ba47bf0c32254d_amd64 as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-oauth-apiserver-rhel9@sha256:4c6719ff6521f0caa2b8324ced5fa0d12c0cf5a50d64279c87ba47bf0c32254d_amd64
Red Hatopenshift4/ose-agent-installer-node-agent-rhel9@sha256:0fc66ec4442113e0d05665685160698481a1979f204df1132bdb61a5b4e45c9a_arm64 as a component of Red Hat OpenShift Container Platform 4.16*
Red Hatopenshift4/ose-oauth-proxy-rhel9@sha256:b65c7266cbe0ab9c23e0ea2c741a6c2468790ee923e47e3f93505182b991afb1_ppc64le as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-oauth-proxy-rhel9@sha256:b65c7266cbe0ab9c23e0ea2c741a6c2468790ee923e47e3f93505182b991afb1_ppc64le
Red Hatopenshift4/ose-etcd-rhel9@sha256:3104ec1df57bf3fac64181896c3b6a2b43e960799c8bd77c8a5440b71c26fab8_s390x as a component of Red Hat OpenShift Container Platform 4.16openshift4/ose-etcd-rhel9@sha256:3104ec1df57bf3fac64181896c3b6a2b43e960799c8bd77c8a5440b71c26fab8_s390x

…and 640 more

Timeline

  • Jul 3, 2024 PoC Published
  • Jul 16, 2024 CVE Published
  • Apr 24, 2026 CVE Updated
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›