CVE-2023-4509 MEDIUM

CVE-2023-4509

Vendor Octopus Deploy
Product Octopus Server
Published April 17, 2024
Last update November 7, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt.

Key dates

02Disclosure timeline

April 17, 2024 CVE published
November 7, 2024 Record updated