chainguard/grafana-fips-10.3-oci-compat

Vulnerabilities (2)

• CVE-2024-6104Jun 24, 2024
  affected < 10.3.6-r3fixed 10.3.6-r3

  go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.

• CVE-2024-35255Jun 11, 2024
  affected < 10.3.6-r2fixed 10.3.6-r2

  Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability