Vulnerabilities > CVE-2019-14525 - Unspecified vulnerability in Octopus Deploy and Octopus Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call.
Vulnerable Configurations
References
- https://github.com/OctopusDeploy/Issues/issues/5753
- https://github.com/OctopusDeploy/Issues/issues/5753
- https://github.com/OctopusDeploy/Issues/issues/5754
- https://github.com/OctopusDeploy/Issues/issues/5754
- https://octopus.com/downloads/compare?from=2019.6.6&to=2019.7.7
- https://octopus.com/downloads/compare?from=2019.6.6&to=2019.7.7