PT-2024-5887 · Unknown+7 · Go-Retryablehttp+7

Published: 2024-06-24 · Updated: 2026-04-07 · CVE-2024-6104

CVSS v3.1: 6.0 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

go-retryablehttp versions prior to 0.7.7

Description

go-retryablehttp does not sanitize URLs before writing them to the log file. HTTP basic authentication credentials carried in a URL can therefore end up in the log, where an attacker could obtain them.

Recommendations

Update go-retryablehttp to version 0.7.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files to minimize the risk of sensitive credential exposure.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

ALSA-2024:5258
ALSA-2024:6194
ALSA-2024:9098
ALSA-2024:9115
AZL-42874
AZL-42877
AZL-42880
AZL-42886
AZL-42892
AZL-42898
AZL-42904
AZL-42910
AZL-42913
AZL-42916
AZL-42922
AZL-42928
AZL-42931
AZL-42936
AZL-42942
AZL-42943
BDU:2024-06681
CESA-2024_5258
CLEANSTART-2026-GG94489
CVE-2024-6104
ECHO-B0F2-2138-6028
GHSA-V6V8-XJ6M-XWQH
GO-2024-2947
INFSA-2024_5258
INFSA-2024_6194
INFSA-2024_9098
INFSA-2024_9115
MGASA-2024-0343
OESA-2025-1053
OESA-2025-1055
OPENSUSE-SU-2024:0226-1
OPENSUSE-SU-2024:0227-1
OPENSUSE-SU-2024:14092-1
OPENSUSE-SU-2024:14102-1
OPENSUSE-SU-2024:14105-1
OPENSUSE-SU-2024:14211-1
OPENSUSE-SU-2024:14257-1
OPENSUSE-SU-2024:14258-1
OPENSUSE-SU-2024_2273-1
OPENSUSE-SU-2024_2286-1
OPENSUSE-SU-2024_3062-1
OPENSUSE-SU-2024_3267-1
OPENSUSE-SU-2024_3288-1
OPENSUSE-SU-2024_3546-1
OPENSUSE-SU-2025:14663-1
OPENSUSE-SU-2025:14988-1
OPENSUSE-SU-2025:14990-1
OPENSUSE-SU-2025:15052-1
OPENSUSE-SU-2025_0420-1
OPENSUSE-SU-2025_0458-1
OPENSUSE-SU-2025_0579-1
OPENSUSE-SU-2025_0775-1
OPENSUSE-SU-2025_1036-1
OPENSUSE-SU-2025_1037-1
OPENSUSE-SU-2025_1038-1
OPENSUSE-SU-2025_1332-1
OPENSUSE-SU-2025_1333-1
RHSA-2024:3722
RHSA-2024:4853
RHSA-2024:4858
RHSA-2024:4963
RHSA-2024:5194
RHSA-2024:5258
RHSA-2024:5446
RHSA-2024:5634
RHSA-2024:6194
RHSA-2024:9098
RHSA-2024:9115
RHSA-2024_5258
RHSA-2024_6194
RHSA-2024_9098
RHSA-2024_9115
RLSA-2024:5258
SUSE-RU-2025:02091-1
SUSE-RU-2025:02092-1
SUSE-RU-2025:02093-1
SUSE-SU-2024:2273-1
SUSE-SU-2024:2273-2
SUSE-SU-2024:2286-1
SUSE-SU-2024:3062-1
SUSE-SU-2024:3266-1
SUSE-SU-2024:3267-1
SUSE-SU-2024:3288-1
SUSE-SU-2024:3546-1
SUSE-SU-2024_2286-1
SUSE-SU-2024_3546-1
SUSE-SU-2025:0420-1
SUSE-SU-2025:0458-1
SUSE-SU-2025:0579-1
SUSE-SU-2025:0775-1
SUSE-SU-2025:1036-1
SUSE-SU-2025:1037-1
SUSE-SU-2025:1038-1
SUSE-SU-2025:1332-1
SUSE-SU-2025:1333-1
SUSE-SU-2025:20013-1
SUSE-SU-2025:20080-1
SUSE-SU-2025:20143-1
SUSE-SU-2025:20179-1
SUSE-SU-2025:20198-1
SUSE-SU-2025:20363-1
SUSE-SU-2025:20869-1
SUSE-SU-2025_0458-1
SUSE-SU-2025_1036-1
SUSE-SU-2025_1037-1
SUSE-SU-2025_1038-1

Affected Products

AlmaLinux
CentOS
Debian
Red Hat
RED OS
Rocky Linux
SUSE
go-retryablehttp