PT-2020-14797 · Octopus · Octopus Deploy
Published
2020-08-25
·
Updated
2022-07-27
·
CVE-2020-16197
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Octopus Deploy version 3.4
Description
An issue was discovered where a deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. This allows an authorized user to potentially use a certificate that they are not in scope to use. Furthermore, an authorized user can obtain certificate metadata by associating a certificate with certain resources that should fail scope validation.
Recommendations
For Octopus Deploy version 3.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Octopus Deploy