Lucene search

OctopusCVELIST:CVE-2023-1904

HistoryDec 14, 2023 - 7:23 a.m.

CVE-2023-1904

2023-12-1407:23:08

Octopus

www.cve.org

octopus server

openid

client secret

logging

vulnerability

4.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

37.4%

JSON

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux"
    ],
    "product": "Octopus Server",
    "vendor": "Octopus Deploy",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2022.2.7897",
        "versionType": "custom"
      },
      {
        "lessThan": "2023.1.11942",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "2023.2.13151",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "2023.3.5049",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

advisories.octopus.com/post/2023/sa2023-12/

4.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

37.4%

JSON

Related for CVELIST:CVE-2023-1904