CVE-2023-34097 HIGH

CVE-2023-34097: Database password exposed in logs in hoppscotch

Vendor Hoppscotch
Product hoppscotch
Weakness CWE-532 · Sensitive info in logs
Published June 5, 2023
Last update January 8, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

June 5, 2023 CVE published
January 8, 2025 Record updated