CVE-2023-1904

Severity CVSS v4.0:
Pending analysis
Type:
CWE-532 Information Exposure Through Log Files
Publication date:
14/12/2023
Last modified:
18/09/2024

Description

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:* 2022.1.2121 (including) 2023.1.11942 (excluding)
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:* 2023.2.2028 (including) 2023.2.13151 (excluding)
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:* 2023.3.317 (including) 2023.3.5049 (excluding)


References to Advisories, Solutions, and Tools