PT-2018-11002 · Octopus · Octopus Deploy
Benpearce1 · Published 2018-06-11 · Updated 2022-07-27 · CVE-2018-12089
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Octopus Deploy versions 2018.5.1 through 2018.5.7
Description
A security issue allows a user with Task View permissions to view a password for a Service Fabric Cluster when the cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True.
Recommendations
For Octopus Deploy versions 2018.5.1 through 2018.5.7, update to version 2018.6.0 to resolve the issue.
Fix
Information Disclosure
Affected Products
Octopus Deploy