Vulnerability Details CVE-2020-24566
In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then (under certain circumstances) the account password is exposed in cleartext in the verbose task log output.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 79.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
Products affected by CVE-2020-24566
- cpe:2.3:a:octopus:octopus_deploy:2020.3
- cpe:2.3:a:octopus:octopus_deploy:2020.3.0
- cpe:2.3:a:octopus:octopus_deploy:2020.3.1
- cpe:2.3:a:octopus:octopus_deploy:2020.3.2
- cpe:2.3:a:octopus:octopus_deploy:2020.3.3