CVE-2022-3460

Description

In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.

Reserved 2022-10-11 | Published 2023-01-02 | Updated 2024-08-03 | Assigner Octopus

Problem types

Exposure of Sensitive Information Through Environmental Variables

Product status

2018.3.1 before unspecified
affected

Any version before 2021.3.13150
affected

2022.1.2121 before unspecified
affected

Any version before 2022.1.3281
affected

2022.2.7897 before unspecified
affected

Any version before 2022.2.8552
affected

2022.3.348 before unspecified
affected

Any version before 2022.3.10750
affected

2022.4.791 before unspecified
affected

Any version before 2022.4.8221
affected

References

advisories.octopus.com/post/2022/sa2022-25/

cve.org (CVE-2022-3460)

nvd.nist.gov (CVE-2022-3460)

Download JSON