Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-1904

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

Published

2023-12-14T08:15:36.550

Last Modified

2024-11-21T07:40:06.983

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.2 (MEDIUM)

Weaknesses

Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	octopus	octopus_server	< 2023.1.11942	Yes
Application	octopus	octopus_server	< 2023.2.13151	Yes
Application	octopus	octopus_server	< 2023.3.5049	Yes

References

https://advisories.octopus.com/post/2023/sa2023-12/ Vendor Advisory ([email protected])
https://advisories.octopus.com/post/2023/sa2023-12/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)