When Octopus is configured behind a load balancer, and SSL offloading is configured, Octopus will sometimes send the CSRF cookie without the `secure` attribute.
This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.
lockbot
locked as resolved and limited conversation to collaborators
Feb 28, 2020
Labels: kind/bug (This issue represents a verified problem we are committed to solving)
CVE: CVE-2019-19375

Relates to https://github.com/OctopusDeploy/OctopusDeploy/issues/4763
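
One way to check for the behaviour described in this issue from the client side of the load balancer, as an added example that is not Octopus code or part of the original issue: it parses captured `Set-Cookie` values across several responses (the issue says the attribute is missing only sometimes) and reports CSRF cookies sent without `Secure`. The cookie name prefix and the sample headers are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for a CSRF cookie missing Secure.
# The cookie name prefix and the sample headers are constructed for illustration.

CSRF_PREFIX = "Example-Csrf-Token"  # hypothetical name, not taken from the issue


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    # Only the first "=" separates name from value; the value may contain "=".
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure carry no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def insecure_csrf_cookies(responses, prefix=CSRF_PREFIX):
    """Return (response_index, cookie_name) for CSRF cookies sent without Secure.

    `responses` holds one list of Set-Cookie header values per HTTP response,
    captured over HTTPS on the client side of the load balancer.
    """
    findings = []
    for idx, headers in enumerate(responses):
        for header in headers:
            name, _, attrs = parse_set_cookie(header)
            if name.lower().startswith(prefix.lower()) and "secure" not in attrs:
                findings.append((idx, name))
    return findings


# Constructed sample: three responses; only the second omits Secure on the CSRF cookie.
SAMPLE = [
    ["Example-Csrf-Token_abc=t0k3n; Path=/; Secure; SameSite=Lax"],
    ["Example-Csrf-Token_abc=t0k3n; Path=/; SameSite=Lax",
     "session=secure-looking-value; Path=/; HttpOnly; Secure"],
    ["Example-Csrf-Token_abc=secure=1; path=/; SECURE"],
]

if __name__ == "__main__":
    for idx, name in insecure_csrf_cookies(SAMPLE):
        print(f"response {idx}: {name} set without Secure")
```

Because the check looks at parsed attributes rather than searching the header for the word "secure", a cookie whose value merely contains that word is still reported.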