CVE-2023-1904

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:40

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 4.2
References () https://advisories.octopus.com/post/2023/sa2023-12/ - Vendor Advisory () https://advisories.octopus.com/post/2023/sa2023-12/ - Vendor Advisory

18 Sep 2024, 08:15

Type Values Removed Values Added
Summary (en) In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. (en) In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

19 Dec 2023, 18:57

Type Values Removed Values Added
CWE CWE-532
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
References () https://advisories.octopus.com/post/2023/sa2023-12/ - () https://advisories.octopus.com/post/2023/sa2023-12/ - Vendor Advisory
First Time Octopus
Octopus octopus Server

14 Dec 2023, 13:52

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-14 08:15

Updated : 2024-11-21 07:40


NVD link : CVE-2023-1904

Mitre link : CVE-2023-1904

CVE.ORG link : CVE-2023-1904


JSON object : View

Products Affected

octopus

  • octopus_server
CWE
CWE-532

Insertion of Sensitive Information into Log File