An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation.
References
Link | Resource |
---|---|
https://github.com/OctopusDeploy/Issues/issues/6529 | Third Party Advisory |
https://github.com/OctopusDeploy/Issues/issues/6530 | Third Party Advisory |
https://github.com/OctopusDeploy/Issues/issues/6531 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-08-25T18:51:45
Updated: 2020-08-25T18:51:45
Reserved: 2020-07-31T00:00:00
Link: CVE-2020-16197
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-25T19:15:12.500
Modified: 2022-07-27T17:07:18.737
Link: CVE-2020-16197
JSON object: View
Redhat Information
No data.
CWE