PT-2018-11002 · Octopus · Octopus Deploy
Benpearce1
·
Publicado
2018-06-11
·
Atualizado
2022-07-27
·
CVE-2018-12089
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Octopus Deploy versions 2018.5.1 through 2018.5.7
Description
A security issue allows a user with Task View permissions to view a password for a Service Fabric Cluster when the cluster target is configured in Azure Active Directory security mode and a deployment is executed with
OctopusPrintVariables set to True.Recommendations
For Octopus Deploy versions 2018.5.1 through 2018.5.7, update to version 2018.6.0 to resolve the issue.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Octopus Deploy