A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug or higher for the OIDC/GitHub/GitLab/Google IDP login options.
Reserved 2024-11-14 | Published 2024-11-15 | Updated 2024-11-21 | Assigner redhat
Debug Messages Revealing Unnecessary Information
2024-11-14: Reported to Red Hat.
2024-11-14: Made public.
This issue was discovered by Xingxing Xia (OpenShift QE (Quality Engineering), Red Hat).
access.redhat.com/security/cve/CVE-2024-11217
bugzilla.redhat.com/show_bug.cgi?id=2326230 (RHBZ#2326230)