CVE-2018-11320

CRITICAL

Octopus Server 2018.4.4-2018.5.1 - Sensitive Information Exposure in Deployment Logs

Title source: llm
STIX 2.1

Description

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.

References (1)

Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/OctopusDeploy/Issues/issues/4578

Scores

CVSS v3 9.8
EPSS 0.0138
EPSS Percentile 68.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-532
Status published
Products (1)
octopus/octopus_server 2018.4.4 - 2018.5.1
Published May 21, 2018
Tracked Since Feb 18, 2026