Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TentacleProxyPassword logged in clear text if $env:HTTP_PROXY is printed and password contains special characters #5759

Closed
flin-8 opened this issue Aug 6, 2019 · 0 comments

Comments

@flin-8
Copy link

commented Aug 6, 2019

Prerequisites

  • We are ready to publicly disclose this vulnerability or exploit according to our responsible disclosure process.
  • I have raised a CVE according to our CVE process
  • I have written a descriptive issue title
  • I have linked the original source of this report
  • I have tagged the issue appropriately (area/security, kind/bug, tag/regression?)

Description

#5761 also affected 2019.3 LTS. The fix has been shipped in the LTS patch indicated by the milestone. If you are using 2019.3 LTS we highly recommend applying this patch.

CVE: CVE-2019-15507

Learn about the Octopus Server LTS program.

@flin-8 flin-8 added this to the 2019.3.8 milestone Aug 6, 2019
@flin-8 flin-8 closed this Aug 6, 2019
@flin-8 flin-8 changed the title Placeholder for #4150 2019.3 Addressed security issue, details TBA Aug 7, 2019
@flin-8 flin-8 changed the title Addressed security issue, details TBA TentacleProxyPassword logged in clear text if $env:HTTP_PROXY is printed and password contains special characters Aug 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.