VDB

RHSA-2024%3A5199

RHSA-2024%3A5199 PUBLISHED CVSS 6 MEDIUM

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.

Risk Scores

CVSS 3.1
6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Products

VendorProductVersions
Red Hatopenshift-tech-preview/metallb-rhel8@sha256:7223d061d22f302dc85031b68884fefdc5b958570878f57d6c27a6a89fd9d15b_s390x as a component of Red Hat OpenShift Container Platform 4.12openshift-tech-preview/metallb-rhel8@sha256:7223d061d22f302dc85031b68884fefdc5b958570878f57d6c27a6a89fd9d15b_s390x
Red Hatopenshift4/ose-sriov-infiniband-cni@sha256:e09a35c48bd4c35f402fa9aa2b5b7dd95c12a633dfdc780e1207fddc0ea67041_amd64 as a component of Red Hat OpenShift Container Platform 4.12*
Red Hatopenshift4/ose-clusterresourceoverride-rhel8-operator@sha256:ac427fc5e250621eb40115e353509a680280ef3011b60d7c6c68a35c5678aa0d_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:ac427fc5e250621eb40115e353509a680280ef3011b60d7c6c68a35c5678aa0d_amd64
Red Hatopenshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:82b2cdc2dafbef35f46c62cec2efdaa3ccb567f6655ef545bcc55d051cbc75d3_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:82b2cdc2dafbef35f46c62cec2efdaa3ccb567f6655ef545bcc55d051cbc75d3_amd64
Red Hatopenshift4/ose-vertical-pod-autoscaler-rhel8@sha256:44ff91e83a520f796e62e59e37d06a369e2592c859e7d3470a1f56c85b008c94_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:44ff91e83a520f796e62e59e37d06a369e2592c859e7d3470a1f56c85b008c94_amd64
Red Hatopenshift4/ose-cloud-event-proxy@sha256:fbd89aab3dc3462c1b100677fc5f383eb2970fb45716223d1c48b1409f0a1d45_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-cloud-event-proxy@sha256:fbd89aab3dc3462c1b100677fc5f383eb2970fb45716223d1c48b1409f0a1d45_amd64
Red Hatopenshift4/frr-rhel8@sha256:d2691d12b3c543aad5a105053e42452d9529e2a7fb92f49522b92af1ced0c09a_amd64 as a component of Red Hat OpenShift Container Platform 4.12*
Red Hatopenshift4/ose-cluster-nfd-operator@sha256:435ec4fb18e43d0209e191660c91aa6eb8dc932fe5a0aea16ebd04c30d8fd9bb_s390x as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-cluster-nfd-operator@sha256:435ec4fb18e43d0209e191660c91aa6eb8dc932fe5a0aea16ebd04c30d8fd9bb_s390x
Red Hatopenshift4/ose-cluster-kube-descheduler-operator@sha256:63d4b27c169da993597f5eaec2950c54c7021708b996cb220a1d91062c1ef354_s390x as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-cluster-kube-descheduler-operator@sha256:63d4b27c169da993597f5eaec2950c54c7021708b996cb220a1d91062c1ef354_s390x
Red Hatopenshift4/ose-egress-dns-proxy@sha256:129b1327aa5adc059c79a2bbd904bf1dbd23dc4362286e2220b404fbb9748f53_s390x as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-egress-dns-proxy@sha256:129b1327aa5adc059c79a2bbd904bf1dbd23dc4362286e2220b404fbb9748f53_s390x
Red Hatopenshift4/ose-cloud-event-proxy-rhel8@sha256:fbd89aab3dc3462c1b100677fc5f383eb2970fb45716223d1c48b1409f0a1d45_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-cloud-event-proxy-rhel8@sha256:fbd89aab3dc3462c1b100677fc5f383eb2970fb45716223d1c48b1409f0a1d45_amd64
Red Hatopenshift4/ose-local-storage-operator@sha256:31682a3390e45bd8b47cecc3390ad1f89f47889d50077289235c8d8c15dccc62_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-local-storage-operator@sha256:31682a3390e45bd8b47cecc3390ad1f89f47889d50077289235c8d8c15dccc62_amd64
Red Hatopenshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:632155f339738871b9534559bbd28579aeacb7a1e3b680176494e10c58f15aef_s390x as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:632155f339738871b9534559bbd28579aeacb7a1e3b680176494e10c58f15aef_s390x
Red Hatopenshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:56b7e31e04e0bdba2d007f4a25b16bda829460827b287332fa0e4b7915310cd8_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:56b7e31e04e0bdba2d007f4a25b16bda829460827b287332fa0e4b7915310cd8_amd64
Red Hatopenshift4/ose-cluster-nfd-operator@sha256:b84c2075a84ad8a7ea974045bfd7c88b1b4ed7c3a1db5364658f0e1537e97943_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-cluster-nfd-operator@sha256:b84c2075a84ad8a7ea974045bfd7c88b1b4ed7c3a1db5364658f0e1537e97943_amd64
Red Hatopenshift4/ose-sriov-network-config-daemon@sha256:7e8a8d4416af66c2304a235b2a1159d626d2c45f8addad812a167498448c6f1b_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-sriov-network-config-daemon@sha256:7e8a8d4416af66c2304a235b2a1159d626d2c45f8addad812a167498448c6f1b_amd64
Red Hatopenshift4/ose-ansible-operator@sha256:4490100743716d73676e825967063d878a824acee5ad5cb340e677c1d1929b93_s390x as a component of Red Hat OpenShift Container Platform 4.12*
Red Hatopenshift4/ose-local-storage-mustgather-rhel8@sha256:762561a57724256181a250cd50128c66cb55a5c8419bd0340dc8ec82e1a16ec3_s390x as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-local-storage-mustgather-rhel8@sha256:762561a57724256181a250cd50128c66cb55a5c8419bd0340dc8ec82e1a16ec3_s390x
Red Hatopenshift4/ose-descheduler@sha256:7561381b6fea8357a05421087ec0af616d70d85014b7bb4723e4ca15ab032cbc_s390x as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-descheduler@sha256:7561381b6fea8357a05421087ec0af616d70d85014b7bb4723e4ca15ab032cbc_s390x
Red Hatopenshift4/ose-clusterresourceoverride-rhel8@sha256:60b51fc60f6827bf8ee97d1f01c6a43906fb52036e9007e917131b57cb726662_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-clusterresourceoverride-rhel8@sha256:60b51fc60f6827bf8ee97d1f01c6a43906fb52036e9007e917131b57cb726662_amd64

…and 51 more

Timeline

  • Aug 19, 2024 CVE Published
  • Apr 24, 2026 CVE Updated
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›