2 matches found
Cross site request forgery (csrf)
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user in certain limited special-characters circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. T...
CVE-2019-15507
Octopus Deploy exposes a vulnerability (CVE-2019-15507) affecting versions 2018.8.4 to 2019.7.6 where, if a web request proxy is configured and the user is authenticated, a deployment could cause the web proxy password to be logged in cleartext. The issue is fixed in 2019.7.7, with back-ports to ...