Lucene search

[email protected]CVE-2019-8944

HistoryOct 03, 2022 - 4:19 p.m.

CVE-2019-8944

2022-10-0316:19:35

CWE-532

[email protected]

web.nvd.nist.gov

information exposure

terraform

octopus deploy

cve-2019-8944

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.8%

JSON

An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.

Affected configurations

NVD

Node

octopusoctopus_deployRange≤2018.9.17

octopusoctopus_deployMatch2018.10.0lts

octopusoctopus_deployMatch2018.10.1lts

octopusoctopus_deployMatch2018.10.2lts

octopusoctopus_deployMatch2018.10.3lts

octopusoctopus_serverRange2018.11.0–2019.1.8

CPENameOperatorVersion
octopus:octopus_deployoctopus octopus deployle2018.9.17
octopus:octopus_deployoctopus octopus deployeq2018.10.0
octopus:octopus_deployoctopus octopus deployeq2018.10.1
octopus:octopus_deployoctopus octopus deployeq2018.10.2
octopus:octopus_deployoctopus octopus deployeq2018.10.3
octopus:octopus_serveroctopus octopus serverlt2019.1.8

CPE	Name	Operator	Version
octopus:octopus_deploy	octopus octopus deploy	le	2018.9.17
octopus:octopus_deploy	octopus octopus deploy	eq	2018.10.0
octopus:octopus_deploy	octopus octopus deploy	eq	2018.10.1
octopus:octopus_deploy	octopus octopus deploy	eq	2018.10.2
octopus:octopus_deploy	octopus octopus deploy	eq	2018.10.3
octopus:octopus_server	octopus octopus server	lt	2019.1.8

References

github.com/OctopusDeploy/Issues/issues/5314

github.com/OctopusDeploy/Issues/issues/5315

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.8%

JSON

Related for CVE-2019-8944

nvd1 prion1 cvelist1