admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-155xx/CVE-2019-15508.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

127 lines
3.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-15508",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-08-23T06:15:10.540",
"lastModified": "2024-11-21T04:28:53.763",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7."
},
{
"lang": "es",
"value": "En las versiones 3.0.8 a 5.0.0 de Octopus Tentacle, cuando se configura un proxy de solicitud web, un usuario autenticado (en determinadas circunstancias limitadas de OctopusPrintVariables) podr\u00eda desencadenar una implementaci\u00f3n que escriba la contrase\u00f1a de proxy de solicitud web en el inicio de sesi\u00f3n de implementaci\u00f3n texto claro. Esto se corrige en 5.0.1. La correcci\u00f3n fue back-ported a 4.0.7."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"baseScore": 3.5,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
},
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octopus:server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.8",
"versionEndIncluding": "2019.7.6",
"matchCriteriaId": "1A4E0CD9-F285-47B0-9CAF-426FAE6570CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octopus:tentacle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.8",
"versionEndIncluding": "5.0.0",
"matchCriteriaId": "76D1B1C1-817F-4F76-9848-0DA549D1AA37"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OctopusDeploy/Issues/issues/5750",
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/OctopusDeploy/Issues/issues/5750",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink