Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tentacle TentacleProxyPassword logged in clear text when OctopusPrintVariables is set #5747

Closed
flin-8 opened this issue Jul 31, 2019 · 0 comments

Comments

@flin-8
Copy link

commented Jul 31, 2019

Prerequisites

  • We are ready to publicly disclose this vulnerability or exploit according to our responsible disclosure process.
  • I have raised a CVE according to our CVE process
  • I have written a descriptive issue title
  • I have linked the original source of this report
  • I have tagged the issue appropriately (area/security, kind/bug, tag/regression?)

Description

#5750 also affected 2019.3 LTS. The fix has been shipped in the LTS patch indicated by the milestone. If you are using 2019.3 LTS we highly recommend applying this patch.

CVE: CVE-2019-15508

Learn about the Octopus Server LTS program.

@flin-8 flin-8 self-assigned this Jul 31, 2019
@flin-8 flin-8 changed the title Placeholder for #4144 Placeholder for #138 Aug 1, 2019
@flin-8 flin-8 changed the title Placeholder for #138 Placeholder for #138 2019.3 Aug 1, 2019
@flin-8 flin-8 added this to the 2019.3.8 milestone Aug 1, 2019
@flin-8 flin-8 closed this Aug 6, 2019
@flin-8 flin-8 changed the title Placeholder for #138 2019.3 Addressed security issue, details TBA Aug 7, 2019
@flin-8 flin-8 changed the title Addressed security issue, details TBA Tentacle TentacleProxyPassword logged in clear text when OctopusPrintVariables is set Aug 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.