{"id":"CVE-2024-23840","summary":"`goreleaser release --debug` shows secrets","details":"GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release --debug` log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0.","aliases":["GHSA-h3q2-8whx-c29h","GO-2024-2482"],"modified":"2026-04-10T05:10:40.882351Z","published":"2024-01-30T16:39:09.284Z","related":["CGA-89xh-qff3-rh5c"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23840.json","cwe_ids":["CWE-532"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23840.json"},{"type":"ADVISORY","url":"https://github.com/goreleaser/goreleaser/security/advisories/GHSA-h3q2-8whx-c29h"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23840"},{"type":"FIX","url":"https://github.com/goreleaser/goreleaser/commit/d5b6a533ca1dc3366983d5d31ee2d2b6232b83c0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/goreleaser/goreleaser","events":[{"introduced":"0"},{"fixed":"d5b6a533ca1dc3366983d5d31ee2d2b6232b83c0"}]}],"versions":["v0.0.1","v0.0.2","v0.0.3","v0.0.4","v0.0.5","v0.0.6","v0.0.7","v0.0.8","v0.0.9","v0.1.0","v0.1.1","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.10.0","v0.100.0","v0.101.0","v0.102.0","v0.103.0","v0.103.1","v0.104.0","v0.104.1","v0.104.2","v0.104.3","v0.105.0","v0.106.0","v0.107.0","v0.108.0","v0.109.0","v0.11.0","v0.11.1","v0.110.0","v0.111.0","v0.112.0","v0.112.1","v0.112.2","v0.113.0","v0.113.1","v0.114.0","v0.114.1","v0.115.0","v0.116.0","v0.117.0","v0.117.1","v0.117.2","v0.118.0","v0.118.1","v0.118.2","v0.119.0","v0.12.0","v0.12.1","v0.12.2","v0.12.3","v0.120.0","v0.120.1","v0.120.2","v0.120.3","v0.120.4","v0.120.5","v0.120.6","v0.120.7","v0.120.8","v0.121.0","v0.122.0","v0.123.0","v0.123.1","v0.123.2","v0.123.3","v0.124.0","v0.124.1","v0.125.0","v0.126.0","v0.127.0","v0.128.0","v0.129.0","v0.13.0","v0.13.1","v0.13.2","v0.13.3","v0.13.4","v0.13.5","v0.13.6","v0.130.0","v0.130.1","v0.130.2","v0.131.0","v0.131.1","v0.132.0","v0.132.1","v0.133.0","v0.134.0","v0.135.0","v0.136.0","v0.137.0","v0.138.0","v0.139.0","v0.14.0","v0.140.0","v0.140.1","v0.141.0","v0.142.0","v0.143.0","v0.144.0","v0.144.1","v0.145.0","v0.146.0","v0.147.0","v0.147.1","v0.147.2","v0.148.0","v0.149.0","v0.15.0","v0.15.1","v0.150.0","v0.150.1","v0.151.0","v0.151.1","v0.151.2","v0.152.0","v0.153.0","v0.154.0","v0.155.0","v0.155.1","v0.155.2","v0.156.0","v0.156.1","v0.156.2","v0.157.0","v0.158.0","v0.159.0","v0.16.0","v0.16.1","v0.160.0","v0.161.0","v0.161.1","v0.162.0","v0.162.1","v0.163.0","v0.163.1","v0.164.0","v0.165.0","v0.166.0","v0.166.1","v0.166.2","v0.167.0","v0.168.0","v0.168.1","v0.168.2","v0.169.0","v0.17.0","v0.17.1","v0.17.2","v0.17.3","v0.17.4","v0.17.5","v0.17.6","v0.170.0","v0.171.0","v0.172.0","v0.172.1","v0.173.0","v0.173.1","v0.173.2","v0.174.0","v0.174.1","v0.174.2","v0.175.0","v0.176.0","v0.177.0","v0.178.0","v0.179.0","v0.18.0","v0.18.1","v0.180.0","v0.180.1","v0.180.2","v0.180.3","v0.181.0","v0.181.1","v0.182.0","v0.182.1","v0.183.0","v0.184.0","v0.19.0","v0.2.0","v0.2.1","v0.2.2","v0.2.3","v0.2.4","v0.2.5","v0.2.6","v0.2.7","v0.2.8","v0.2.9","v0.20.0","v0.20.1","v0.20.2","v0.20.3","v0.20.4","v0.21.0","v0.21.1","v0.21.2","v0.21.3","v0.21.4","v0.21.5","v0.22.0","v0.22.1","v0.22.2","v0.23.0","v0.23.1","v0.24.0","v0.25.0","v0.26.0","v0.26.1","v0.27.0","v0.27.1","v0.27.2","v0.27.3","v0.27.4","v0.27.5","v0.28.0","v0.28.1","v0.28.2","v0.28.3","v0.28.4","v0.28.5","v0.28.6","v0.28.7","v0.28.8","v0.28.9","v0.3.0","v0.3.1","v0.3.2","v0.3.4","v0.3.5","v0.3.6","v0.30.0","v0.30.1","v0.30.2","v0.30.3","v0.30.4","v0.30.5","v0.31.0","v0.31.1","v0.32.0","v0.32.1","v0.32.2","v0.33.0","v0.33.1","v0.33.2","v0.34.0","v0.34.1","v0.34.2","v0.34.5","v0.35.0","v0.35.1","v0.35.2","v0.35.3","v0.35.4","v0.35.5","v0.35.6","v0.35.7","v0.36.0","v0.36.1","v0.37.0","v0.37.1","v0.37.10","v0.37.2","v0.37.3","v0.37.4","v0.37.5","v0.37.6","v0.37.7","v0.37.8","v0.37.9","v0.38.0","v0.39.0","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.4.5","v0.40.0","v0.40.1","v0.40.2","v0.40.3","v0.40.4","v0.40.5","v0.40.6","v0.41.0","v0.41.1","v0.42.0","v0.42.1","v0.42.2","v0.43.0","v0.44.0","v0.44.1","v0.44.2","v0.45.0","v0.45.1","v0.45.2","v0.45.3","v0.45.4","v0.45.5","v0.46.0","v0.46.1","v0.46.2","v0.46.3","v0.46.4","v0.47.0","v0.47.1","v0.48.0","v0.49.0","v0.49.1","v0.49.2","v0.49.3","v0.5.0","v0.5.1","v0.5.2","v0.5.3","v0.5.4","v0.5.5","v0.5.6","v0.5.7","v0.5.8","v0.5.9","v0.50.0","v0.50.1","v0.51.0","v0.52.0","v0.52.1","v0.52.2","v0.52.3","v0.53.0","v0.54.0","v0.54.1","v0.54.2","v0.54.3","v0.55.0","v0.55.1","v0.56.0","v0.57.0","v0.57.1","v0.57.2","v0.58.0","v0.58.1","v0.58.2","v0.58.3","v0.59.0","v0.59.1","v0.6.0","v0.6.1","v0.6.2","v0.60.0","v0.61.0","v0.61.1","v0.61.2","v0.61.3","v0.62.0","v0.62.1","v0.62.2","v0.62.3","v0.62.4","v0.62.5","v0.62.6","v0.63.0","v0.63.1","v0.64.0","v0.65.0","v0.66.0","v0.66.1","v0.67.0","v0.68.0","v0.69.0","v0.7.0","v0.7.1","v0.7.2","v0.7.3","v0.7.4","v0.7.5","v0.7.6","v0.7.7","v0.7.8","v0.7.9","v0.70.0","v0.71.0","v0.71.1","v0.72.0","v0.73.0","v0.73.1","v0.73.2","v0.74.0","v0.75.0","v0.76.0","v0.76.1","v0.77.0","v0.77.1","v0.77.2","v0.78.0","v0.79.0","v0.79.1","v0.79.2","v0.8.0","v0.8.1","v0.8.2","v0.8.3","v0.8.4","v0.8.5","v0.8.6","v0.8.7","v0.8.8","v0.8.9","v0.80.0","v0.80.1","v0.80.2","v0.81.0","v0.81.1","v0.82.0","v0.82.1","v0.82.2","v0.83.0","v0.83.1","v0.83.2","v0.83.3","v0.84.0","v0.85.0","v0.85.1","v0.85.2","v0.85.3","v0.86.0","v0.86.1","v0.87.0","v0.88.0","v0.89.0","v0.9.0","v0.9.1","v0.9.2","v0.9.3","v0.9.4","v0.9.5","v0.9.6","v0.9.7","v0.9.8","v0.90.0","v0.91.0","v0.91.1","v0.91.2","v0.92.0","v0.92.1","v0.93.0","v0.93.1","v0.93.2","v0.94.0","v0.95.0","v0.95.1","v0.95.2","v0.96.0","v0.97.0","v0.98.0","v0.99.0","v1.0.0","v1.1.0","v1.10.0","v1.10.1","v1.10.2","v1.10.3","v1.11.0","v1.11.1","v1.11.2","v1.11.3","v1.11.4","v1.11.5","v1.12.0","v1.12.1","v1.12.3","v1.13.0","v1.14.0","v1.14.1","v1.15.0","v1.15.1","v1.15.2","v1.16.0","v1.16.1","v1.17.0","v1.17.1","v1.17.2","v1.18.0","v1.18.1","v1.18.2","v1.19.0","v1.19.1","v1.19.2","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.2.5","v1.20.0","v1.21.0","v1.21.1","v1.21.2","v1.22.0","v1.23.0","v1.3.0","v1.3.1","v1.4.0","v1.4.1","v1.5.0","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.7.0","v1.8.0","v1.8.1","v1.8.2","v1.8.3","v1.9.0","v1.9.1","v1.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23840.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}