Description
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: None
Affected products
- Octopus Deploy / Octopus Server: 2018.3.1 – unspecified
- Octopus Deploy / Octopus Server: unspecified – 2021.3.13150
- Octopus Deploy / Octopus Server: 2022.1.2121 – unspecified
- Octopus Deploy / Octopus Server: unspecified – 2022.1.3281
- Octopus Deploy / Octopus Server: 2022.2.7897 – unspecified
- Octopus Deploy / Octopus Server: unspecified – 2022.2.8552
- Octopus Deploy / Octopus Server: 2022.3.348 – unspecified
- Octopus Deploy / Octopus Server: unspecified – 2022.3.10750
- Octopus Deploy / Octopus Server: 2022.4.791 – unspecified
- Octopus Deploy / Octopus Server: unspecified – 2022.4.8221
References
- VENDOR_ADVISORY: https://advisories.octopus.com/post/2022/sa2022-25/