CVE-2018-11320

CRITICAL

Octopus Server < 2018.5.1 - Log Information Exposure

Title source: rule
STIX 2.1

Description

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.

References (1)

Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/OctopusDeploy/Issues/issues/4578

Scores

CVSS v3 9.8
EPSS 0.0027
EPSS Percentile 50.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-532
Status published
Products (1)
octopus/octopus_server 2018.4.4 - 2018.5.1
Published May 21, 2018
Tracked Since Feb 18, 2026