CVE-2023-34097

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-34097
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34097.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-34097
Aliases
  • GHSA-qpx8-wq6q-r833
Published
2023-06-05T20:02:04Z
Modified
2025-11-04T20:13:25.761663Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Database password exposed in logs in hoppscotch
Details

hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5, the database password is exposed in the logs when the database connection string is shown. Attackers with read access to system logs can elevate privileges and gain full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cwe_ids": [
        "CWE-532"
    ]
}
References

Affected packages

Git / github.com/hoppscotch/hoppscotch

Affected ranges

Type
GIT
Repo
https://github.com/hoppscotch/hoppscotch
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2023.*

2023.4.0
2023.4.1
2023.4.2
2023.4.3
2023.4.4

v0.*

v0.1.0

v1.*

v1.0.0
v1.10.0
v1.12.0
v1.5.0
v1.8.0
v1.9.0
v1.9.5
v1.9.7
v1.9.9

v2.*

v2.0.0
v2.1.0
v2.2.0
v2.2.1

v3.*

v3.0.0
v3.0.1