CVE-2023-1904 MEDIUM

CVE-2023-1904

Vendor Octopus Deploy
Product Octopus Server
Published December 14, 2023
Last update September 18, 2024

CVSS base score

4.2/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

Key dates

02Disclosure timeline

December 14, 2023 CVE published
September 18, 2024 Record updated