5 matches found
CVE-2025-0589
In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly...
CVE-2025-0589
creationtimestamp| type| source ---|---|--- 2025-02-11 09:07:36+00:00| seen| https://infosec.exchange/users/cve/statuses/113984461326734280 2025-02-11 09:15:26+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhvd3yaouk23 2025-02-11 11:29:52+00:00| seen|...
CVE-2025-0589
In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly...
CVE-2025-0589
CVE-2025-0589 affects Octopus Deploy when using Active Directory for authentication. An unauthenticated actor can issue API requests to two endpoints and retrieve data from the associated AD: one endpoint returns user profile details (Email address/UPN and Display name); the other returns group i...
CVE-2025-0589
In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly...