CVE-2019-8944 — MEDIUM (6.5)

Q: How severe is CVE-2019-8944?

CVE-2019-8944 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-8944?

Check the references section above for vendor advisories and patch information. Affected products include: Octopus Octopus Deploy, Octopus Octopus Server.

Vulnerability Description

An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Octopus	Octopus Deploy	<= 2018.9.17
Octopus	Octopus Server	>= 2018.11.0, < 2019.1.8

Related Weaknesses (CWE)

CWE-532

References

https://github.com/OctopusDeploy/Issues/issues/5314Third Party Advisory
https://github.com/OctopusDeploy/Issues/issues/5315Third Party Advisory
https://github.com/OctopusDeploy/Issues/issues/5314Third Party Advisory
https://github.com/OctopusDeploy/Issues/issues/5315Third Party Advisory

FAQ

What is CVE-2019-8944?

CVE-2019-8944 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variabl...

How severe is CVE-2019-8944?

CVE-2019-8944 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-8944?

Check the references section above for vendor advisories and patch information. Affected products include: Octopus Octopus Deploy, Octopus Octopus Server.