CVE-2023-1904
published 2023-12-14

CVE-2023-1904: In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

Priority: P3 40
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.39% (30.3th percentile)

Affected

7 ranges
Vendor          Product         Version range                   Fixed in
octopus         octopus_server  >= 2022.1.2121 < 2023.1.11942   2023.1.11942
octopus         octopus_server  >= 2023.2.2028 < 2023.2.13151   2023.2.13151
octopus         octopus_server  >= 2023.3.317 < 2023.3.5049     2023.3.5049
octopus_deploy  octopus_server  >= 2022.2.7897 < unspecified    unspecified
octopus_deploy  octopus_server  >= unspecified < 2023.1.11942   2023.1.11942
octopus_deploy  octopus_server  >= unspecified < 2023.2.13151   2023.2.13151
octopus_deploy  octopus_server  >= unspecified < 2023.3.5049    2023.3.5049