cbcvebase.
CVE-2023-2247
published 2023-05-02

CVE-2023-2247: In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function

PriorityP426medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.45%
35.9th percentile
In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function

Affected

6 ranges
VendorProductVersion rangeFixed in
octopusoctopus_deploy>= 2018.3.0 < 2022.3.109292022.3.10929
octopusoctopus_deploy>= 2022.4.0 < 2022.4.83192022.4.8319
octopus_deployoctopus_server>= 2018.3.0 < unspecifiedunspecified
octopus_deployoctopus_server>= unspecified < 2022.3.109292022.3.10929
octopus_deployoctopus_server>= unspecified < 2022.4.7912022.4.791
octopus_deployoctopus_server>= unspecified < 2022.4.83192022.4.8319
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.