CVE-2019-15698

In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
octopusoctopus_server
2019.7.3 ≤
𝑥
≤ 2019.7.9
𝑥
= Vulnerable software versions
References
https://github.com/OctopusDeploy/Issues/issues/5810
https://github.com/OctopusDeploy/Issues/issues/5810