CVE-2022-3460
EUVD-2022-4283203.01.2023, 00:15
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| octopus | octopus_server | 2018.1.0 ≤ 𝑥 < 2022.3.10750 |
| octopus | octopus_server | 2022.4 ≤ 𝑥 < 2022.4.8063 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-212 - Improper Removal of Sensitive Information Before Storage or TransferThe product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.