Octopus Deploy Information Disclosure Vulnerability (CNVD-2019-29123)
Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. An information disclosure vulnerability exists in Octopus Deploy versions 2018.8.4 through 2019.7.6, which can be exploited by unauthorized attackers to obtain...
CVE-2019-15507
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user in certain limited special-characters circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. T...
Cross-site request forgery (CSRF)
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user in certain limited special-characters circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. T...
CVE-2019-15507
Octopus Deploy exposes a vulnerability (CVE-2019-15507) affecting versions 2018.8.4 to 2019.7.6 where, if a web request proxy is configured and the user is authenticated, a deployment could cause the web proxy password to be logged in cleartext. The issue is fixed in 2019.7.7, with back-ports to ...
CVE-2019-14525
In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call...
Design/Logic Flaw
In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call...
CVE-2019-14525
CVE-2019-14525 affects Octopus Deploy versions 2019.4.0–2019.6.x before 2019.6.6 and 2019.7.x before 2019.7.6, where an authenticated system administrator can view sensitive values via a server configuration page or API call. Root cause: insufficient access control on configuration data expos...
Design/Logic Flaw
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks...
CVE-2019-14544
CVE-2019-14544 affects Gogs 0.11.86 where routes/api/v1/api.go fails to perform permission checks for deploy keys, collaborators, and hooks. The root cause is improper access control in the vulnerable routes, enabling unauthorized access to these endpoints. NVD lists a high/critical impact with n...
PT-2019-13743 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: Gogs version 0.11.86 Description: The issue concerns insecure permissions in Gogs, specifically affecting routes related to deploy keys, collaborators, and hooks. This is due to a lack of permission checks in the routes/api/v1/api.go file...
Octopus Deploy Log Message Disclosure Vulnerability
Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. Octopus Deploy suffers from a log information disclosure vulnerability that originates when the program writes the Web Request Proxy password in plaintext to the...
CVE-2019-14268
In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user in certain limited circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-porte...
Cross-site request forgery (CSRF)
In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user in certain limited circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-porte...
CVE-2019-14268
CVE-2019-14268 affects Octopus Deploy versions 3.0.19 through 2019.7.2 where, if a web request proxy is configured, an authenticated user could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. The issue is fixed in 2019.7.3, with the fix back-por...