Cross site request forgery (csrf)

2019-08-2306:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.4%

JSON

In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7.

CPENameOperatorVersion
serverge3.0.8
serverle2019.7.6
tentaclege3.0.8
tentaclele5.0.0

Name	Operator	Version
server	ge	3.0.8
server	le	2019.7.6
tentacle	ge	3.0.8
tentacle	le	5.0.0

References

github.com/OctopusDeploy/Issues/issues/5750