CVE-2019-14268

{"id": "CVE-2019-14268", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-07-25T16:15:13.260", "references": [{"url": "https://github.com/OctopusDeploy/Issues/issues/5739", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/OctopusDeploy/Issues/issues/5739", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-ported to LTS 2019.6.5 as well as LTS 2019.3.7."}, {"lang": "es", "value": "En Octopus Deploy versiones 3.0.19 hasta 2019.7.2, cuando es configurado un proxy de petici\u00f3n web, un usuario autenticado (en ciertas circunstancias limitadas) podr\u00eda desencadenar un despliegue que escribe la contrase\u00f1a del proxy de petici\u00f3n web en el registro de implementaci\u00f3n en texto sin cifrar. Esto se corrige en versi\u00f3n 2019.7.3. La correcci\u00f3n fue respaldada para versi\u00f3n LTS 2019.6.5 as\u00ed como para versi\u00f3n LTS 2019.3.7."}], "lastModified": "2024-11-21T04:26:20.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17BFCFB1-B174-4F17-BD8A-D8664AF4B397", "versionEndIncluding": "2019.7.2", "versionStartIncluding": "3.0.19"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}