CVE-2022-3460

EPSS 0.4%
Veröffentlicht 03.01.2023 00:15:10
Zuletzt bearbeitet 10.04.2025 16:15:22
Quelle security@octopus.com
CVE-Watchlists
Login
Unerledigt
Login

In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Octopus ≫ Octopus Server Version >= 2018.1.0 < 2022.3.10750

Octopus ≫ Octopus Server Version >= 2022.4 < 2022.4.8063

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.601

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

https://advisories.octopus.com/post/2022/sa2022-25/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3460

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3460

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3460

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-3460