cvedb.io
CVE-2023-34097
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2023-06-05T21:15:11.290 · Last modified 2026-06-17T06:02:53.287

Summary

hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products

hoppscotch — hoppscotch

Does this affect you?

Add your gear to cvedb and we'll alert you only when hoppscotch ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.