First published: Thu Nov 28 2019(Updated: )
In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8.)
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Octopus Octopus Deploy | <2019.10.7 | |
Octopus Octopus Deploy | >=2019.6.0<2019.6.14 | |
Octopus Octopus Deploy | >=2019.9.0<2019.9.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.