Code injection

2023-12-1408:15:00

PRIOn knowledge base

www.prio-n.com

code injection

security vulnerability

octopus server

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.4%

JSON

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

CPENameOperatorVersion
octopus_serverge2023.3.317
octopus_serverlt2023.3.5049
octopus_serverge2023.2.2028
octopus_serverlt2023.2.13151
octopus_serverge2022.1.2121
octopus_serverlt2023.1.11942

Name	Operator	Version
octopus_server	ge	2023.3.317
octopus_server	lt	2023.3.5049
octopus_server	ge	2023.2.2028
octopus_server	lt	2023.2.13151
octopus_server	ge	2022.1.2121
octopus_server	lt	2023.1.11942

References

advisories.octopus.com/post/2023/sa2023-12/