CVE-2018-11320

Name of the Vulnerable Software and Affected Versions Octopus Deploy versions 2018.4.4 through 2018.5.1

Description The issue concerns the handling of sensitive values in deployment logs. Specifically, Octopus variables sourced from the target do not have their sensitive values obfuscated in the logs.

Recommendations For versions 2018.4.4 through 2018.5.1, consider restricting access to deployment logs to minimize the risk of sensitive information exposure until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.