CVE-2019-15698 : In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authen

In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10.

Published 2019-08-27 17:15:11

Updated 2022-07-27 16:58:53

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-15698

Octopus » Octopus Server
Versions from including (>=) 2019.7.3 and up to, including, (<=) 2019.7.9
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-15698

EPSS FAQ

0.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-15698

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2019-15698

https://github.com/OctopusDeploy/Issues/issues/5810

Sensitive values may be exposed in some circumstances via variable preview - CVE-2019-15698 · Issue #5810 · OctopusDeploy/Issues · GitHub
Third Party Advisory

Jump to

Vulnerability Details : CVE-2019-15698

Products affected by CVE-2019-15698

Exploit prediction scoring system (EPSS) score for CVE-2019-15698

CVSS scores for CVE-2019-15698

References for CVE-2019-15698