Debug Messages Revealing Unnecessary Information

CVE-2024-11217

Medium

4.9/10

Summary

A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-1295 - Debug Messages Revealing Unnecessary Information

The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.

References

Advisory Timeline

Published Nov 15, 2024

Debug Messages Revealing Unnecessary Information

CVE-2024-11217

Summary

CWE-1295 - Debug Messages Revealing Unnecessary Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS