CVE-2022-1901

Summary

In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2019.7.3 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.1.3009affected
Octopus DeployOctopus Server2022.2.6729 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.2.7244affected
Octopus DeployOctopus Server2022.3.348 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2022.3.4953affected

Weaknesses

  • Sensitive Variable Exposure

ADP Enrichment

CVE Program Container

Additional References

References