← Back

CVE-2022-1901

nvd nist
Published: Aug 19, 2022Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.

Affected (6)

Octopus
1 product
Octopus Server
Configuration A
6 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Octopus
Octopus Server
From 2019.1.0 to 2019.7.3
Octopus Server
From 2020.1.0 to 2020.6.5449
Octopus Server
From 2021.1.6959 to 2021.3.13021
Octopus Server
From 2022.1.0 to 2022.1.3009
Octopus Server
From 2022.2.6729 to 2022.2.7244
Octopus Server
From 2022.3.348 to 2022.3.4953
Running on/withPlatform Versions
Linux
Linux Kernel
All versions
Microsoft
Windows
All versions

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

Source: security@octopus.com
MitigationPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationPatchVendor Advisory

Timeline

No history available yet.