CVE-2023-1904

Summary

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2022.2.7897 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2023.1.11942affected
Octopus DeployOctopus Serverunspecified < 2023.2.13151affected
Octopus DeployOctopus Serverunspecified < 2023.3.5049affected

Weaknesses

  • OpenID client secret logged in plain text during configuration

ADP Enrichment

CVE Program Container

Additional References

References