PT-2018-10479 · Octopus · Octopus Deploy

Zentrono

Published

2018-05-21

Updated

2022-07-27

CVE-2018-11320

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Octopus Deploy versions 2018.4.4 through 2018.5.1

Description The issue concerns the handling of sensitive values in deployment logs. Specifically, Octopus variables sourced from the target do not have their sensitive values obfuscated in the logs.

Recommendations For versions 2018.4.4 through 2018.5.1, consider restricting access to deployment logs to minimize the risk of sensitive information exposure until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2018-11320

Affected Products

Octopus Deploy

PT-2018-10479 · Octopus · Octopus Deploy

CVE-2018-11320

Weakness Enumeration

Related Identifiers

Affected Products

References · 3