{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11217", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-11-14T12:57:54.752Z", "datePublished": "2024-11-15T20:48:46.460Z", "dateUpdated": "2024-11-21T20:51:34.373Z"}, "containers": {"cna": {"title": "Oauth-server-container: oauth-server-container logs client secret in debug level", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-oauth-server-rhel7", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-11217", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326230", "name": "RHBZ#2326230", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-11-14T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-1295", "description": "Debug Messages Revealing Unnecessary Information", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1295: Debug Messages Revealing Unnecessary Information", "timeline": [{"lang": "en", "time": "2024-11-14T12:49:38.971000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-11-14T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Xingxing Xia (OpenShift QE (Quality Engineering), Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-21T20:51:34.373Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-15T21:09:10.428897Z", "id": "CVE-2024-11217", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T21:09:27.890Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11217", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-15T21:09:10.428897Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T21:09:14.552Z"}}], "cna": {"title": "Oauth-server-container: oauth-server-container logs client secret in debug level", "credits": [{"lang": "en", "value": "This issue was discovered by Xingxing Xia (OpenShift QE (Quality Engineering), Red Hat)."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-oauth-server-rhel7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-11-14T12:49:38.971000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-11-14T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-11-14T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-11217", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326230", "name": "RHBZ#2326230", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1295", "description": "Debug Messages Revealing Unnecessary Information"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-21T20:51:34.373Z"}, "x_redhatCweChain": "CWE-1295: Debug Messages Revealing Unnecessary Information"}}, "cveMetadata": {"cveId": "CVE-2024-11217", "state": "PUBLISHED", "dateUpdated": "2024-11-21T20:51:34.373Z", "dateReserved": "2024-11-14T12:57:54.752Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-11-15T20:48:46.460Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en el servidor OAuth. El servidor OAuth registra el secreto del cliente OAuth2 cuando el nivel de registro es mayor que el de Depuraci\u00f3n para las opciones de inicio de sesi\u00f3n de los IDP de OIDC/GitHub/GitLab/Google."}], "id": "CVE-2024-11217", "lastModified": "2024-11-18T17:11:56.587", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2024-11-15T21:15:06.543", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-11217"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326230"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1295"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Xingxing Xia (OpenShift QE (Quality Engineering), Red Hat).", "bugzilla": {"description": "oauth-server-container: oauth-server-container logs client secret in debug level", "id": "2326230", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326230"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-1295", "details": ["A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.", "A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options."], "name": "CVE-2024-11217", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-oauth-server-rhel7", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-11-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-11217\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-11217"], "threat_severity": "Low"}