CVE-2023-1904
Published 2023-12-14
CVE-2023-1904: In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.
Priority: P340
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.39% (30.3th percentile)
Affected: 7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | octopus_server | >= 2022.1.2121 < 2023.1.11942 | 2023.1.11942 |
| octopus | octopus_server | >= 2023.2.2028 < 2023.2.13151 | 2023.2.13151 |
| octopus | octopus_server | >= 2023.3.317 < 2023.3.5049 | 2023.3.5049 |
| octopus_deploy | octopus_server | >= 2022.2.7897 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2023.1.11942 | 2023.1.11942 |
| octopus_deploy | octopus_server | >= unspecified < 2023.2.13151 | 2023.2.13151 |
| octopus_deploy | octopus_server | >= unspecified < 2023.3.5049 | 2023.3.5049 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-12-14: Published