PT-2023-24669 · Unknown · Hoppscotch
Webysther · Published 2023-06-05 · Updated 2023-06-13 · CVE-2023-34097
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
hoppscotch versions prior to 2023.4.5
Description
The issue concerns the exposure of the database password in system logs when the database connection string is displayed. This could allow attackers with access to system logs to elevate their privileges and gain full access to the database.
Recommendations
For versions prior to 2023.4.5, upgrade to version 2023.4.5 or later to resolve the issue. As a temporary mitigation measure, consider restricting access to system logs to minimize the risk of exploitation.
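To complement the log-access mitigation, the following added example (not Hoppscotch's code and not the project's fix) masks passwords in database connection strings before a line is logged, and flags lines in an existing log that already contain one. The function names, the URL and key=value patterns, and the sample log lines are assumptions constructed for illustration.

```javascript
// Added illustration: mask database credentials in log text and find
// lines in an existing log that already leaked them.
const MASK = "****";

// scheme://user:password@host
// The password match is greedy and stops at the last '@' before the first
// '/' or whitespace, so an unencoded '@' or ':' inside the password is covered.
const URL_CREDS = /\b([a-z][a-z0-9+.-]*:\/\/[^\s:\/@]*:)[^\s\/]+@/gi;

// key=value DSN and query-string forms: password=..., pwd=...
const KV_CREDS = /\b(password|pwd)(\s*=\s*)('[^']*'|"[^"]*"|[^\s;&]+)/gi;

// Return the text with any embedded database password replaced by MASK.
function redactSecrets(text) {
  return String(text)
    .replace(URL_CREDS, `$1${MASK}@`)
    .replace(KV_CREDS, `$1$2${MASK}`);
}

// Return [{ line, redacted }] for every log line that contained a credential.
// Only the redacted form is returned, so the report itself does not leak.
function scanLog(logText) {
  const findings = [];
  logText.split(/\r?\n/).forEach((line, i) => {
    const redacted = redactSecrets(line);
    if (redacted !== line) findings.push({ line: i + 1, redacted });
  });
  return findings;
}

// Constructed sample log (not taken from a real Hoppscotch deployment).
const SAMPLE_LOG = [
  "2023-06-01T10:00:00Z info  server listening on :8080",
  "2023-06-01T10:00:01Z debug connecting to postgresql://hopp:S3cr3t@Pass@db.internal:5432/hoppscotch?sslmode=require",
  "2023-06-01T10:00:02Z debug dsn host=db.internal user=hopp password='S3cr3t Pass' dbname=hoppscotch",
  "2023-06-01T10:00:03Z info  GET https://example.test:8443/health 200",
].join("\n");

for (const f of scanLog(SAMPLE_LOG)) {
  console.log(`line ${f.line}: ${f.redacted}`);
}
```

Any password found by such a scan should be treated as exposed and rotated, since redaction only protects log lines written afterwards.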
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Hoppscotch