Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-8944

An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.

Published

2019-02-20T03:29:00.343

Last Modified

2024-11-21T04:50:42.663

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	octopus	octopus_deploy	≤ 2018.9.17	Yes
Application	octopus	octopus_deploy	2018.10.0	Yes
Application	octopus	octopus_deploy	2018.10.1	Yes
Application	octopus	octopus_deploy	2018.10.2	Yes
Application	octopus	octopus_deploy	2018.10.3	Yes
Application	octopus	octopus_server	< 2019.1.8	Yes

References

https://github.com/OctopusDeploy/Issues/issues/5314 Third Party Advisory ([email protected])
https://github.com/OctopusDeploy/Issues/issues/5315 Third Party Advisory ([email protected])
https://github.com/OctopusDeploy/Issues/issues/5314 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OctopusDeploy/Issues/issues/5315 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)