CVE-2024-11217

Summary

A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.

Affected Software

VendorProductVersion RangeStatus
4.12.* < *affected
4.13.* < *affected
4.14.* < *affected
4.15.* < *affected
4.16.* < *affected
4.17.* < *affected
4.18.* < *affected

Weaknesses

  • CWE-1295: Debug Messages Revealing Unnecessary Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References