Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tentacle TentacleProxyPassword logged in clear text when OctopusPrintVariables is set #5749

Closed
flin-8 opened this issue Aug 1, 2019 · 0 comments

Comments

@flin-8
Copy link

commented Aug 1, 2019

Prerequisites

  • We are ready to publicly disclose this vulnerability or exploit according to our responsible disclosure process.
  • I have raised a CVE according to our CVE process
  • I have written a descriptive issue title
  • I have linked the original source of this report
  • I have tagged the issue appropriately (area/security, kind/bug, tag/regression?)

Description

#5750 also affected 2019.6 LTS. The fix has been shipped in the LTS patch indicated by the milestone. If you are using 2019.6 LTS we highly recommend applying this patch.

CVE: CVE-2019-15508

Learn about the Octopus Server LTS program.

@flin-8 flin-8 added this to the 2019.6.7 milestone Aug 6, 2019

@flin-8 flin-8 self-assigned this Aug 6, 2019

@flin-8 flin-8 closed this Aug 6, 2019

@flin-8 flin-8 changed the title Placeholder for #138 2019.6 Addressed security issue, details TBA Aug 7, 2019

@flin-8 flin-8 changed the title Addressed security issue, details TBA Tentacle TentacleProxyPassword logged in clear text when OctopusPrintVariables is set Aug 16, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.