CVE-2023-4509

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-4509
It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://advisories.octopus.com/post/2024/sa2024-02/
Configurations

No configuration.

History

07 Nov 2024, 17:35

Type Values Removed Values Added
CWE CWE-319

18 Apr 2024, 13:04

Type Values Removed Values Added
Summary
  • (es) Es posible que una clave API se registre en texto plano en el archivo de registro de auditoría después de un intento de inicio de sesión no válido.

18 Apr 2024, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-18 00:15

Updated : 2024-11-07 17:35

NVD link : CVE-2023-4509

Mitre link : CVE-2023-4509

CVE.ORG link : CVE-2023-4509

JSON object : View

Products Affected

No product.

CWE
CWE-319

Cleartext Transmission of Sensitive Information