CVE-2023-1904

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*

History

18 Sep 2024, 08:15

Type Values Removed Values Added
Summary (en) In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. (en) In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

19 Dec 2023, 18:57

Type Values Removed Values Added
CPE cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
CWE CWE-532
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Octopus
Octopus octopus Server
References () https://advisories.octopus.com/post/2023/sa2023-12/ - () https://advisories.octopus.com/post/2023/sa2023-12/ - Vendor Advisory

14 Dec 2023, 13:52

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-14 08:15

Updated : 2024-09-18 08:15


NVD link : CVE-2023-1904

Mitre link : CVE-2023-1904

CVE.ORG link : CVE-2023-1904


JSON object : View

Products Affected

octopus

  • octopus_server
CWE
CWE-532

Insertion of Sensitive Information into Log File