VDB
RHSA-2024%3A7624
RHSA-2024%3A7624
PUBLISHED
CVSS 6 MEDIUM
A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.
Risk Scores
CVSS 3.1
6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64 as a component of RHODF 4.14 for RHEL 9 | *, odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64 |
| Red Hat | odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le as a component of RHODF 4.14 for RHEL 9 | odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le, * |
| Red Hat | odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64 as a component of RHODF 4.14 for RHEL 9 | odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64, odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64 |
| Red Hat | odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x as a component of RHODF 4.14 for RHEL 9 | odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x, * |
| Red Hat | odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64 as a component of RHODF 4.14 for RHEL 9 | odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64, odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64 |
| Red Hat | odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x as a component of RHODF 4.14 for RHEL 9 | *, * |
| Red Hat | odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x as a component of RHODF 4.14 for RHEL 9 | odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x, odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x |
| Red Hat | odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x as a component of RHODF 4.14 for RHEL 9 | odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x, * |
| Red Hat | odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64 as a component of RHODF 4.14 for RHEL 9 | odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64, odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64 |
| Red Hat | odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64 as a component of RHODF 4.14 for RHEL 9 | odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64, odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64 |
| Red Hat | odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64 as a component of RHODF 4.14 for RHEL 9 | odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64, odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64 |
| Red Hat | odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64 as a component of RHODF 4.14 for RHEL 9 | odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64, odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64 |
| Red Hat | odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x as a component of RHODF 4.14 for RHEL 9 | *, * |
| Red Hat | odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le as a component of RHODF 4.14 for RHEL 9 | odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le, * |
| Red Hat | odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64 as a component of RHODF 4.14 for RHEL 9 | odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64, * |
| Red Hat | odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64 as a component of RHODF 4.14 for RHEL 9 | *, odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64 |
| Red Hat | odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64 as a component of RHODF 4.14 for RHEL 9 | *, odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64 |
| Red Hat | odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le as a component of RHODF 4.14 for RHEL 9 | odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le, odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le |
| Red Hat | odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64 as a component of RHODF 4.14 for RHEL 9 | odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64, * |
| Red Hat | odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64 as a component of RHODF 4.14 for RHEL 9 | *, odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64 |
…and 69 more
Timeline
- Oct 3, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 28, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:7624 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2276934 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2290901 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2294000 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2300499 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2314151 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7624.json advisory
- https://access.redhat.com/security/cve/CVE-2024-6104 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-6104 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-6104 advisory
- https://access.redhat.com/security/cve/CVE-2024-29041 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-29041 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-29041 advisory
- https://expressjs.com/en/4x/api.html#res.location advisory
- https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd advisory
- https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94 advisory
- https://github.com/expressjs/express/pull/5539 advisory
- https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc advisory
- https://github.com/koajs/koa/issues/1800 advisory
…and 6 more