CVE-2019-8944

MEDIUM

Octopus Deploy < 2018.9.17 - Log Information Exposure

Title source: rule
STIX 2.1

Description

An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/OctopusDeploy/Issues/issues/5315
Third Party Advisory x_refsource_misc
https://github.com/OctopusDeploy/Issues/issues/5314

Scores

CVSS v3 6.5
EPSS 0.0024
EPSS Percentile 47.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-532
Status published
Products (6)
octopus/octopus_deploy 2018.10.0
octopus/octopus_deploy 2018.10.1
octopus/octopus_deploy 2018.10.2
octopus/octopus_deploy 2018.10.3
octopus/octopus_deploy < 2018.9.17
octopus/octopus_server 2018.11.0 - 2019.1.8
Published Feb 20, 2019
Tracked Since Feb 18, 2026