Password Exposure in Octopus Deploy 2018.5.1 to 2018.5.7

Password Exposure in Octopus Deploy 2018.5.1 to 2018.5.7

CVE-2018-12089 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fixed in 2018.6.0.

Learn more about our Azure Audit.