API Key Logged in Clear Text After Invalid Login Attempt
CVE-2023-4509

4.3MEDIUM

Key Information:

Vendor: Octopus Deploy
Status: Octopus Server
Vendor: CVE Published:; 18 April 2024

🔔 Create Octopus Deploy Vulnerability Alert

What is CVE-2023-4509?

It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Octopus Server Windows 2018.9 < 2023.4.296

Octopus Server Windows 2024.1 < 2024.1.437

Octopus Server Windows 2024.2 < 2024.2.101

References

https://advisories.octopus.com/post/2024/sa2024-02/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2024

JSON

Octopus Deploy