Description
Hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5, the database password is exposed in the logs when the database connection string is shown. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References (2)
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qpx8-wq6q-r833
Scores
CVSS v3: 7.8
EPSS: 0.0022
EPSS Percentile: 44.7%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-532
Status: published
Products (1)
hoppscotch/hoppscotch < 2023.4.5
Published: Jun 05, 2023
Tracked Since: Feb 18, 2026