CVE-2022-1901

2022-08-1907:55:08

Octopus

www.cve.org

octopus deploy

sensitive variables

unmasking

variable preview

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

31.3%

JSON

In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.

CNA Affected

[
  {
    "product": "Octopus Server",
    "vendor": "Octopus Deploy",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2019.7.3",
        "versionType": "custom"
      },
      {
        "lessThan": "2022.1.3009",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2022.2.6729",
        "versionType": "custom"
      },
      {
        "lessThan": "2022.2.7244",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2022.3.348",
        "versionType": "custom"
      },
      {
        "lessThan": "2022.3.4953",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

advisories.octopus.com/post/2022/sa2022-09/