CVE-2024-11217 | THREATINT

Description

A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.

PUBLISHED Reserved 2024-11-14 | Published 2024-11-15 | Updated 2026-06-26 | Assigner redhat

MEDIUM: 4.9CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Problem types

Debug Messages Revealing Unnecessary Information

Product status

Default status

unaffected

4.12.* (semver) before *

affected

4.13.* (semver) before *

affected

4.14.* (semver) before *

affected

4.15.* (semver) before *

affected

4.16.* (semver) before *

affected

4.17.* (semver) before *

affected

4.18.* (semver) before *

affected

Default status

affected

Timeline

2024-11-14:	Reported to Red Hat.
2024-11-14:	Made public.

Credits

This issue was discovered by Xingxing Xia (OpenShift QE (Quality Engineering), Red Hat).

References

access.redhat.com/security/cve/CVE-2024-11217 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2326230 (RHBZ#2326230) issue-tracking

cve.org (CVE-2024-11217)

nvd.nist.gov (CVE-2024-11217)

Download JSON