CVE-2020-25825

In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
octopusoctopus_deploy
3.1.0 ≤
𝑥
≤ 2020.4.0
𝑥
= Vulnerable software versions
References
https://github.com/OctopusDeploy/Issues/issues/6604
https://github.com/OctopusDeploy/Issues/issues/6605
https://github.com/OctopusDeploy/Issues/issues/6606
https://github.com/OctopusDeploy/Issues/issues/6607
https://github.com/OctopusDeploy/Issues/issues/6604
https://github.com/OctopusDeploy/Issues/issues/6605
https://github.com/OctopusDeploy/Issues/issues/6606
https://github.com/OctopusDeploy/Issues/issues/6607