CVE-2018-11320

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0580%

EPSS Percentile36.76th

PublishedMay 21, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.

Affected Platforms (CPE)

📦

Octopus

Octopus Server

>= 2018.4.4 and <= 2018.5.1

References & Advisories

🔗 https://github.com/OctopusDeploy/Issues/issues/4578

Related Vulnerabilities

CVE-2020-106788.8

In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authentic...

CVE-2018-188508.8

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes ...

CVE-2021-265567.8

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileg...

CVE-2021-301837.5

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import ...