Vulnerability Report: GO-2024-2789
- CVE-2024-1139, GHSA-x5m7-63c6-fx79
- Affects: github.com/openshift/cluster-monitoring-operator
- Published: Jun 05, 2024
- Unreviewed
Cluster Monitoring Operator contains a credentials leak in github.com/openshift/cluster-monitoring-operator
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-x5m7-63c6-fx79 or https://nvd.nist.gov/vuln/detail/CVE-2024-1139.
Affected Modules
-
PathGo Versions
-
all versions, no known fixed
Aliases
References
- https://github.com/advisories/GHSA-x5m7-63c6-fx79
- https://nvd.nist.gov/vuln/detail/CVE-2024-1139
- https://github.com/openshift/cluster-monitoring-operator/commit/1cfbe9ffafe1e43f8f87a451b72fddf5d76fa4e3
- https://github.com/openshift/cluster-monitoring-operator/pull/1747
- https://access.redhat.com/errata/RHSA-2024:1887
- https://access.redhat.com/errata/RHSA-2024:1891
- https://access.redhat.com/errata/RHSA-2024:2047
- https://access.redhat.com/errata/RHSA-2024:2782
- https://access.redhat.com/security/cve/CVE-2024-1139
- https://bugzilla.redhat.com/show_bug.cgi?id=2262158
- https://github.com/openshift/cluster-monitoring-operator/blob/d45a3335c2bbada0948adef9fcba55c4e14fa1d7/pkg/manifests/manifests.go#L3135
- https://vuln.go.dev/ID/GO-2024-2789.json
Feedback
This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.
See anything missing or incorrect?
Suggest an edit to this report.