In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-ported to LTS 2019.6.5 as well as LTS 2019.3.7.
References
Link | Resource |
---|---|
https://github.com/OctopusDeploy/Issues/issues/5739 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-25T15:55:20
Updated: 2019-07-25T15:55:20
Reserved: 2019-07-25T00:00:00
Link: CVE-2019-14268
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-07-25T16:15:13.260
Modified: 2019-08-02T20:22:21.867
Link: CVE-2019-14268
JSON object: View
Redhat Information
No data.
CWE