CVE-2023-1904 Vulnerability Details

  /     /     /  

CVE-2023-1904 Metadata Quick Info

CVE Published: 14/12/2023 | CVE Updated: 18/09/2024 | CVE Year: 2023
Source: Octopus | Vendor: Octopus Deploy | Product: Octopus Server
Status : PUBLISHED

---

CVE-2023-1904 Description

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

Metrics

CVSS Version: 3.1 | Base Score: 4.2 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: OpenID client secret logged in plain text during configuration
Source: Octopus Deploy

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).