CVE-2019-15508

{"id": "CVE-2019-15508", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-08-23T06:15:10.540", "references": [{"url": "https://github.com/OctopusDeploy/Issues/issues/5750", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/OctopusDeploy/Issues/issues/5750", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}, {"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7."}, {"lang": "es", "value": "En las versiones 3.0.8 a 5.0.0 de Octopus Tentacle, cuando se configura un proxy de solicitud web, un usuario autenticado (en determinadas circunstancias limitadas de OctopusPrintVariables) podr\u00eda desencadenar una implementaci\u00f3n que escriba la contrase\u00f1a de proxy de solicitud web en el inicio de sesi\u00f3n de implementaci\u00f3n texto claro. Esto se corrige en 5.0.1. La correcci\u00f3n fue back-ported a 4.0.7."}], "lastModified": "2024-11-21T04:28:53.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:octopus:server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A4E0CD9-F285-47B0-9CAF-426FAE6570CF", "versionEndIncluding": "2019.7.6", "versionStartIncluding": "3.0.8"}, {"criteria": "cpe:2.3:a:octopus:tentacle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76D1B1C1-817F-4F76-9848-0DA549D1AA37", "versionEndIncluding": "5.0.0", "versionStartIncluding": "3.0.8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}