CVE-2023-4509
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Octopus Deploy | Octopus Server | 2018.9 < 2023.4.296 | affected |
| Octopus Deploy | Octopus Server | 2024.1 < 2024.1.437 | affected |
| Octopus Deploy | Octopus Server | 2024.2 < 2024.2.101 | affected |
Weaknesses
- API key disclosed in Octopus Server audit log
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.