CVE-2023-4509

Summary

It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2018.9 < 2023.4.296affected
Octopus DeployOctopus Server2024.1 < 2024.1.437affected
Octopus DeployOctopus Server2024.2 < 2024.2.101affected

Weaknesses

  • API key disclosed in Octopus Server audit log

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References