Описание
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fixed in 2018.6.0.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2018.5.1 (включая) до 2018.5.7 (включая)
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00283
Низкий
7.5 High
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fixed in 2018.6.0.
EPSS
Процентиль: 51%
0.00283
Низкий
7.5 High
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-200