Matt-Richardson

**Nome do software vulnerável e versões afetadas** Versões do Octopus Deploy de 2018.8.0 a 2019.x anteriores à 2019.12.2 **Descrição** A vulnerabilidade permite que um usuário autenticado acione uma implantação que vaza a senha do repositório Helm Chart. **Recomendações** Para as versões 2018.8.0 a 2019.x anteriores à 2019.12.2, atualize para a versão 2019.12.2 ou posterior para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** Octopus Deploy versions prior to 2019.10.7 Octopus Deploy versions 2019.6 prior to 2019.6.14 Octopus Deploy versions 2019.9 prior to 2019.9.8 **Description** The issue arises in configurations where SSL offloading is enabled, leading to the CSRF cookie being sent without the secure attribute. **Recommendations** For versions prior to 2019.10.7, update to version 2019.10.7 or later. For versions 2019.6 prior to 2019.6.14, update to version 2019.6.14 or later. For versions 2019.9 prior to 2019.9.8, update to version 2019.9.8 or later.

**Name of the Vulnerable Software and Affected Versions** Octopus Deploy versions prior to 2019.10.6 Octopus Deploy versions prior to 2019.9.8 (LTS) Octopus Deploy versions prior to 2019.6.14 (LTS) **Description** The issue allows an authenticated user with TeamEdit permission to send a malformed Team API request, bypassing input validation and causing an application-level denial of service condition. **Recommendations** For versions prior to 2019.10.6, update to version 2019.10.6 or later. For LTS versions prior to 2019.9.8, update to version 2019.9.8 or later. For LTS versions prior to 2019.6.14, update to version 2019.6.14 or later.