Timhess

#47590 of 53,608
5.3 Total CVSS
Vulnerabilities · 1
PT-2024-28955
5.3
2024-07-17
Steeltoe · Steeltoe.Discovery.Eureka · CVE-2024-40636
**Name of the Vulnerable Software and Affected Versions**

Steeltoe.Discovery.Eureka versions prior to 3.2.8

**Description**

Credentials can leak into logs when multiple Eureka server service URLs with basic auth are in use and an issue occurs while fetching the service registry. Only the first URL is masked in the error log, potentially exposing the credentials of subsequent URLs. The code in question is located in the `DiscoveryClient.cs` file.

**Recommendations**

For Steeltoe.Discovery.Eureka versions prior to 3.2.8, update to version 3.2.8 of the Steeltoe.Discovery.Eureka NuGet package to address the credential leakage issue. As a temporary workaround, consider restricting log access to minimize the risk of exposed credentials.