VDB

RHSA-2025%3A3714

RHSA-2025%3A3714 PUBLISHED CVSS 6 MEDIUM

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.

Risk Scores

CVSS 3.1
6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.14*
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x as a component of cert-manager operator for Red Hat OpenShift 1.14registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.14*
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.14*
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.14registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.14*
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.14registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le
Red Hatregistry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x as a component of cert-manager operator for Red Hat OpenShift 1.14registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x

Timeline

  • Apr 8, 2025 CVE Published
  • Apr 24, 2026 CVE Updated
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›