Sensitive values may be exposed in some circumstances via variable preview - CVE-2019-15698 #5810
Closed
5 tasks done
Labels
area/security
kind/bug
This issue represents a verified problem we are committed to solving
priority
(obsolete) This issue has been recognised as a priority and should be addressed as soon as possible
Milestone
Prerequisites
Description
In certain circumstances, an authenticated user with
VariableView
permissions could view sensitive values via the improved variable preview shipped in 2019.7.3. Introduced in #4394.Affected versions
** Octopus Server**
2019.7.3
-2019.7.9
Mitigation
Nothing great.
Workarounds
Links
Source: internally reported.
Internal issue: https://github.com/OctopusDeploy/OctopusDeploy/issues/4232
The text was updated successfully, but these errors were encountered: