CVE-2024-6972

Summary

In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2024.1 < 2024.1.12759affected
Octopus DeployOctopus Server2024.2 < 2024.2.9193affected

Weaknesses

  • Sensitive Variables exposed in TaskLogs

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References