VDB
RHSA-2024%3A6738
RHSA-2024%3A6738
PUBLISHED
CVSS 6 MEDIUM
A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.
Risk Scores
CVSS 3.1
6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | multicluster-engine/backplane-rhel9-operator@sha256:65bf78a3aeb2c7b9e0d326bad49c0a665c8d399272c2499cab660ab21b55c8eb_ppc64le as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | multicluster-engine/backplane-rhel9-operator@sha256:65bf78a3aeb2c7b9e0d326bad49c0a665c8d399272c2499cab660ab21b55c8eb_ppc64le, *, multicluster-engine/backplane-rhel9-operator@sha256:65bf78a3aeb2c7b9e0d326bad49c0a665c8d399272c2499cab660ab21b55c8eb_ppc64le |
| Red Hat | multicluster-engine/work-rhel9@sha256:01b331b25b13064f02a490d1a5c605f996a127631e83e1710c7cfa21fcb8cccb_ppc64le as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | multicluster-engine/work-rhel9@sha256:01b331b25b13064f02a490d1a5c605f996a127631e83e1710c7cfa21fcb8cccb_ppc64le, multicluster-engine/work-rhel9@sha256:01b331b25b13064f02a490d1a5c605f996a127631e83e1710c7cfa21fcb8cccb_ppc64le, * |
| Red Hat | multicluster-engine/multicluster-engine-hypershift-addon-rhel9-operator@sha256:d7ce509d9267b7fe32756a63e891122222465037fc25f8e02649a8543d4465da_arm64 as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | multicluster-engine/multicluster-engine-hypershift-addon-rhel9-operator@sha256:d7ce509d9267b7fe32756a63e891122222465037fc25f8e02649a8543d4465da_arm64, multicluster-engine/multicluster-engine-hypershift-addon-rhel9-operator@sha256:d7ce509d9267b7fe32756a63e891122222465037fc25f8e02649a8543d4465da_arm64, multicluster-engine/multicluster-engine-hypershift-addon-rhel9-operator@sha256:d7ce509d9267b7fe32756a63e891122222465037fc25f8e02649a8543d4465da_arm64 |
| Red Hat | multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:80c058818491264d99301e777579f571d9e517bec45cd65f323f388934c4807f_ppc64le as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:80c058818491264d99301e777579f571d9e517bec45cd65f323f388934c4807f_ppc64le, *, multicluster-engine/cluster-api-provider-kubevirt-rhel9@sha256:80c058818491264d99301e777579f571d9e517bec45cd65f323f388934c4807f_ppc64le |
| Red Hat | multicluster-engine/cluster-api-provider-azure-rhel9@sha256:3a97fe144c1ca86629d8ecba416b40b03bb5f63b42347d1bf6744925da7fd498_amd64 as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | *, *, * |
| Red Hat | multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:5d42ea3dfd6faf56f4b57658f59d233707a306f18b196cd838dc4643af5c28e1_amd64 as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | *, multicluster-engine/clusterlifecycle-state-metrics-rhel9@sha256:5d42ea3dfd6faf56f4b57658f59d233707a306f18b196cd838dc4643af5c28e1_amd64, * |
| Red Hat | multicluster-engine/multicluster-engine-console-mce-rhel9@sha256:aece915923eb862a1db0a0bff3ac5dba5a3e1af1aef2cb220376a5159ec83aa1_ppc64le as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | multicluster-engine/multicluster-engine-console-mce-rhel9@sha256:aece915923eb862a1db0a0bff3ac5dba5a3e1af1aef2cb220376a5159ec83aa1_ppc64le, multicluster-engine/multicluster-engine-console-mce-rhel9@sha256:aece915923eb862a1db0a0bff3ac5dba5a3e1af1aef2cb220376a5159ec83aa1_ppc64le, multicluster-engine/multicluster-engine-console-mce-rhel9@sha256:aece915923eb862a1db0a0bff3ac5dba5a3e1af1aef2cb220376a5159ec83aa1_ppc64le |
| Red Hat | multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e9fa045883a4df1bea2889cef1f46cd6015613bbb3f3501d648b103656711d17_s390x as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e9fa045883a4df1bea2889cef1f46cd6015613bbb3f3501d648b103656711d17_s390x, *, multicluster-engine/kube-rbac-proxy-mce-rhel9@sha256:e9fa045883a4df1bea2889cef1f46cd6015613bbb3f3501d648b103656711d17_s390x |
| Red Hat | multicluster-engine/discovery-rhel9@sha256:bf5d1d37f8d29cc204eb5cb7d559d90206c9e8abd36e86607cce25f08585d7e5_arm64 as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | multicluster-engine/discovery-rhel9@sha256:bf5d1d37f8d29cc204eb5cb7d559d90206c9e8abd36e86607cce25f08585d7e5_arm64, *, multicluster-engine/discovery-rhel9@sha256:bf5d1d37f8d29cc204eb5cb7d559d90206c9e8abd36e86607cce25f08585d7e5_arm64 |
| Red Hat | multicluster-engine/aws-encryption-provider-rhel9@sha256:1b4eeadf602048a3fc338481e8cf85cbd5df61f66bee17173f92220e442e1b5f_arm64 as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | multicluster-engine/aws-encryption-provider-rhel9@sha256:1b4eeadf602048a3fc338481e8cf85cbd5df61f66bee17173f92220e442e1b5f_arm64, multicluster-engine/aws-encryption-provider-rhel9@sha256:1b4eeadf602048a3fc338481e8cf85cbd5df61f66bee17173f92220e442e1b5f_arm64, * |
| Red Hat | multicluster-engine/console-mce-rhel9@sha256:5a1d34586d481f2e248d31bfa79a25be50300d0549b0d41ac440204a3095c74d_amd64 as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | multicluster-engine/console-mce-rhel9@sha256:5a1d34586d481f2e248d31bfa79a25be50300d0549b0d41ac440204a3095c74d_amd64, multicluster-engine/console-mce-rhel9@sha256:5a1d34586d481f2e248d31bfa79a25be50300d0549b0d41ac440204a3095c74d_amd64, multicluster-engine/console-mce-rhel9@sha256:5a1d34586d481f2e248d31bfa79a25be50300d0549b0d41ac440204a3095c74d_amd64 |
| Red Hat | multicluster-engine/assisted-installer-rhel8@sha256:dc482a3604eaaebcc0d158f78310f5d8d6ad4523fe5a3d522d13c2965e9c5d99_s390x as a component of multicluster engine for Kubernetes 2.5 for RHEL 8 | *, multicluster-engine/assisted-installer-rhel8@sha256:dc482a3604eaaebcc0d158f78310f5d8d6ad4523fe5a3d522d13c2965e9c5d99_s390x, multicluster-engine/assisted-installer-rhel8@sha256:dc482a3604eaaebcc0d158f78310f5d8d6ad4523fe5a3d522d13c2965e9c5d99_s390x |
| Red Hat | multicluster-engine/work-rhel9@sha256:9106733e36e0abc2a6abcfe4739cc8fd2a4715180a1216ab60d389e705e58b81_s390x as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | multicluster-engine/work-rhel9@sha256:9106733e36e0abc2a6abcfe4739cc8fd2a4715180a1216ab60d389e705e58b81_s390x, multicluster-engine/work-rhel9@sha256:9106733e36e0abc2a6abcfe4739cc8fd2a4715180a1216ab60d389e705e58b81_s390x, multicluster-engine/work-rhel9@sha256:9106733e36e0abc2a6abcfe4739cc8fd2a4715180a1216ab60d389e705e58b81_s390x |
| Red Hat | multicluster-engine/cluster-curator-controller-rhel9@sha256:385553dae26eb76fe0775612a01813567fe8e0467a33fd28182e91c0cdfab144_s390x as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | multicluster-engine/cluster-curator-controller-rhel9@sha256:385553dae26eb76fe0775612a01813567fe8e0467a33fd28182e91c0cdfab144_s390x, multicluster-engine/cluster-curator-controller-rhel9@sha256:385553dae26eb76fe0775612a01813567fe8e0467a33fd28182e91c0cdfab144_s390x, * |
| Red Hat | multicluster-engine/agent-service-rhel8@sha256:8fa8bf1e1cbe672dbe0c9c16e5f68ff451915a85a7c5473f6dac02e12b683641_amd64 as a component of multicluster engine for Kubernetes 2.5 for RHEL 8 | multicluster-engine/agent-service-rhel8@sha256:8fa8bf1e1cbe672dbe0c9c16e5f68ff451915a85a7c5473f6dac02e12b683641_amd64, multicluster-engine/agent-service-rhel8@sha256:8fa8bf1e1cbe672dbe0c9c16e5f68ff451915a85a7c5473f6dac02e12b683641_amd64, multicluster-engine/agent-service-rhel8@sha256:8fa8bf1e1cbe672dbe0c9c16e5f68ff451915a85a7c5473f6dac02e12b683641_amd64 |
| Red Hat | multicluster-engine/assisted-image-service-rhel8@sha256:1a4375360208909a28b239e51a294a1ff88ff85184f88b0dcb735690d6340d9f_ppc64le as a component of multicluster engine for Kubernetes 2.5 for RHEL 8 | multicluster-engine/assisted-image-service-rhel8@sha256:1a4375360208909a28b239e51a294a1ff88ff85184f88b0dcb735690d6340d9f_ppc64le, multicluster-engine/assisted-image-service-rhel8@sha256:1a4375360208909a28b239e51a294a1ff88ff85184f88b0dcb735690d6340d9f_ppc64le, * |
| Red Hat | multicluster-engine/managed-serviceaccount-rhel9@sha256:70e992ccb0859edf4f219895f4d3ef83aa079fb5d455583764639b2b52229b38_ppc64le as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | multicluster-engine/managed-serviceaccount-rhel9@sha256:70e992ccb0859edf4f219895f4d3ef83aa079fb5d455583764639b2b52229b38_ppc64le, multicluster-engine/managed-serviceaccount-rhel9@sha256:70e992ccb0859edf4f219895f4d3ef83aa079fb5d455583764639b2b52229b38_ppc64le, * |
| Red Hat | multicluster-engine/managedcluster-import-controller-rhel9@sha256:abea5abbe13923982ff88e99ccdae765b1e1fddb9bdc7fdfe1bfbf8a28ec102c_amd64 as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | multicluster-engine/managedcluster-import-controller-rhel9@sha256:abea5abbe13923982ff88e99ccdae765b1e1fddb9bdc7fdfe1bfbf8a28ec102c_amd64, multicluster-engine/managedcluster-import-controller-rhel9@sha256:abea5abbe13923982ff88e99ccdae765b1e1fddb9bdc7fdfe1bfbf8a28ec102c_amd64, multicluster-engine/managedcluster-import-controller-rhel9@sha256:abea5abbe13923982ff88e99ccdae765b1e1fddb9bdc7fdfe1bfbf8a28ec102c_amd64 |
| Red Hat | multicluster-engine/backplane-rhel9-operator@sha256:de72b339a42a140c33722783a73a2fea2b824d59a499946070d284fb7f68ebe5_amd64 as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | *, multicluster-engine/backplane-rhel9-operator@sha256:de72b339a42a140c33722783a73a2fea2b824d59a499946070d284fb7f68ebe5_amd64, multicluster-engine/backplane-rhel9-operator@sha256:de72b339a42a140c33722783a73a2fea2b824d59a499946070d284fb7f68ebe5_amd64 |
| Red Hat | multicluster-engine/multicloud-manager-rhel9@sha256:7c076ccd3d0ffbd28a00ccccd944835bc2dcfc48515d95917df5f097fb22209a_arm64 as a component of multicluster engine for Kubernetes 2.5 for RHEL 9 | *, multicluster-engine/multicloud-manager-rhel9@sha256:7c076ccd3d0ffbd28a00ccccd944835bc2dcfc48515d95917df5f097fb22209a_arm64, * |
…and 148 more
Timeline
- Sep 17, 2024 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 29, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:6738 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2294000 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2302458 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2302459 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2302460 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6738.json advisory
- https://access.redhat.com/security/cve/CVE-2024-6104 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-6104 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-6104 advisory
- https://access.redhat.com/security/cve/CVE-2024-42459 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-42459 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-42459 advisory
- https://github.com/indutny/elliptic/pull/317 advisory
- https://access.redhat.com/security/cve/CVE-2024-42460 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-42460 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-42460 advisory
- https://access.redhat.com/security/cve/CVE-2024-42461 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-42461 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-42461 advisory
…and 7 more