Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20240902-16
HistorySep 02, 2024 - 12:00 a.m.

ROS-20240902-16

2024-09-0200:00:00
redos.red-soft.ru
1
retryablehttp
log file
sensitive credentials
net/http
input validation
denial of service
envoy proxy
memory usage
denial of service
unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

JSON

The vulnerability in the retryablehttp package is related to the lack of purging cleared URLs when writing them to its
log file. Exploitation of the vulnerability could allow an attacker to obtain sensitive credentials
HTTP basic authentication credentials

A vulnerability in the net/http module of the Go programming language is related to improper input validation.
Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service

A vulnerability in the Envoy proxy module is related to post-release memory usage. Exploitation
of the vulnerability could allow a remote attacker to cause a denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64consul< 1.19.1-1UNKNOWN

Related

osv 163
cvelist 2
nvd 2
vulnrichment 2
cve 2
nessus 3
cbl_mariner 15
redos 1
debiancve 1
openvas 3
wolfi 1
github 1
redhat 1
veracode 1
redhatcve 1
osv
osv
istioctl-1.22.3-1.1 on GA media
2024-07-17 00:00:00
BIT-envoy-2024-39305
2024-07-03 07:17:43
CVE-2024-39305
2024-07-01 21:15:04
cvelist
cvelist
CVE-2024-39305 Envoy Proxy use after free when route hash policy is configured with cookie attributes
2024-07-01 21:10:23
CVE-2024-6104 go-retryablehttp can leak basic auth credentials to log files
2024-06-24 17:06:21
nvd
nvd
CVE-2024-39305
2024-07-01 21:15:04
CVE-2024-6104
2024-06-24 17:15:11
vulnrichment
vulnrichment
CVE-2024-39305 Envoy Proxy use after free when route hash policy is configured with cookie attributes
2024-07-01 21:10:23
CVE-2024-6104 go-retryablehttp can leak basic auth credentials to log files
2024-06-24 17:06:21
cve
cve
CVE-2024-39305
2024-07-01 21:15:04
CVE-2024-6104
2024-06-24 17:15:11
nessus
nessus
openSUSE 15 Security Update : gh (openSUSE-SU-2024:0227-1)
2024-07-28 00:00:00
CBL Mariner 2.0 Security Update: cert-manager / packer / influxdb / keda / libcontainers-common (CVE-2024-6104)
2024-08-06 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2024:2286-1)
2024-07-04 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-6104 affecting package keda for versions less than 2.4.0-22
2024-09-03 11:12:01
CVE-2024-6104 affecting package libcontainers-common for versions less than 20240213-2
2024-07-23 02:21:02
CVE-2024-6104 affecting package cri-o for versions less than 1.22.3-6
2024-09-03 11:12:01
redos
redos
ROS-20240902-12
2024-09-02 00:00:00
debiancve
debiancve
CVE-2024-6104
2024-06-24 17:15:11
openvas
openvas
openSUSE: Security Advisory for podman (SUSE-SU-2024:2273-1)
2024-07-10 00:00:00
openSUSE: Security Advisory for podman (SUSE-SU-2024:2286-1)
2024-07-10 00:00:00
openSUSE: Security Advisory for podman (SUSE-SU-2024:3062-1)
2024-09-04 00:00:00
wolfi
wolfi
CVE-2024-6104 vulnerabilities
2024-09-19 21:18:36
github
github
go-retryablehttp can leak basic auth credentials to log files
2024-06-24 18:31:37
redhat
redhat
(RHSA-2024:5160) Moderate: OpenShift Container Platform 4.15.27 security update
2024-08-15 14:21:22
veracode
veracode
Information Disclosure
2024-06-25 05:18:18
redhatcve
redhatcve
CVE-2024-6104
2024-06-24 21:50:10

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

JSON
Related for ROS-20240902-16
osv163cvelist2nvd2vulnrichment2cve2nessus3cbl_mariner15redos1debiancve1openvas3wolfi1github1redhat1veracode1redhatcve1