cbcvebase.
CVE-2022-3460
published 2023-01-03

CVE-2022-3460: In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.

Priority: P339 | Severity: high | CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.56% (42.3th percentile)

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| octopus | octopus_server | >= 2018.1.0 < 2022.3.10750 | 2022.3.10750 |
| octopus | octopus_server | >= 2022.4 < 2022.4.8063 | 2022.4.8063 |
| octopus_deploy | octopus_server | >= 2018.3.1 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.1.2121 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.2.7897 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.3.348 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= 2022.4.791 < unspecified | unspecified |
| octopus_deploy | octopus_server | >= unspecified < 2021.3.13150 | 2021.3.13150 |
| octopus_deploy | octopus_server | >= unspecified < 2022.1.3281 | 2022.1.3281 |
| octopus_deploy | octopus_server | >= unspecified < 2022.2.8552 | 2022.2.8552 |
| octopus_deploy | octopus_server | >= unspecified < 2022.3.10750 | 2022.3.10750 |
| octopus_deploy | octopus_server | >= unspecified < 2022.4.8221 | 2022.4.8221 |

CVSS provenance

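| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| vendor_redhat | | 7.8 | HIGH | |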