4.9
CVE-2024-11217
- EPSS 0.19%
- Veröffentlicht 15.11.2024 21:15:06
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Oauth-server-container: oauth-server-container logs client secret in debug level
A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/openshift/oauth-server
≫
Paket
oauth-server-container
Default Statusunaffected
Version
4.12.*
Version <
*
Status
affected
Version
4.13.*
Version <
*
Status
affected
Version
4.14.*
Version <
*
Status
affected
Version
4.15.*
Version <
*
Status
affected
Version
4.16.*
Version <
*
Status
affected
Version
4.17.*
Version <
*
Status
affected
Version
4.18.*
Version <
*
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Container Platform 4
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.403 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-1295 Debug Messages Revealing Unnecessary Information
The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.