← Back

CVE-2019-8944

nvd nist
Published: Feb 20, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.

Affected (6)

Octopus
2 products
Octopus Deploy
Octopus Server
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Octopus
Octopus Deploy
Up to 2018.9.17
Octopus Deploy
Version 2018.10.0
Octopus Deploy
Version 2018.10.1
Octopus Deploy
Version 2018.10.2
Octopus Deploy
Version 2018.10.3
Octopus Server
From 2018.11.0 to 2019.1.8

Related CWEs

CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.