CVE-2018-11320

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0580%

EPSS Percentile36.76th

Published2018年5月21日

Last Modified2024年11月21日

Vulnerability Description

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.

Affected Platforms (CPE)

📦

Octopus

Octopus Server

>= 2018.4.4 and <= 2018.5.1

References & Advisories

🔗 https://github.com/OctopusDeploy/Issues/issues/4578

関連する脆弱性情報

CVE-2020-106788.8

In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authentic...

CVE-2018-188508.8

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes ...

CVE-2021-265567.8

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileg...

CVE-2021-301837.5

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import ...