What is the CVE-2022-1901 vulnerability?

CVE-2022-1901 allows unmasking of sensitive variables in Octopus Deploy using variable preview functionality.

What versions of Octopus Deploy are affected by CVE-2022-1901?

CVE-2022-1901 affects Octopus Deploy versions between 2019.1.0 and 2022.2.7244.

What is the impact of CVE-2022-1901 on security?

The impact of CVE-2022-1901 is the potential exposure of sensitive information to unauthorized users.

How do I fix CVE-2022-1901?

To mitigate CVE-2022-1901, update to a version of Octopus Deploy that is not affected, specifically above 2022.2.7244.

Is there a workaround for CVE-2022-1901 if I cannot update?

There are no known workarounds for CVE-2022-1901, so updating is recommended for security.

Vulnerability/
CVE-2022-1901

medium

5.3

CWE

269

19/8/2022

3/8/2024

CVE-2022-1901

First published: Fri Aug 19 2022(Updated: )

In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.

Credit: security@octopus.com

Affected Software	Affected Version	How to fix
Octopus Deploy	>=2019.1.0<=2019.7.3
Octopus Deploy	>=2020.1.0<=2020.6.5449
Octopus Deploy	>=2021.1.6959<=2021.3.13021
Octopus Deploy	>=2022.1.0<2022.1.3009
Octopus Deploy	>=2022.2.6729<2022.2.7244
Octopus Deploy	>=2022.3.348<2022.3.4953
Linux kernel
Microsoft Windows

Remedy

https://advisories.octopus.com/post/2022/sa2022-09/

Never miss a vulnerability like this again

Reference Links

https://advisories.octopus.com/post/2022/sa2022-09/

Frequently Asked Questions

What is the CVE-2022-1901 vulnerability?
CVE-2022-1901 allows unmasking of sensitive variables in Octopus Deploy using variable preview functionality.
What versions of Octopus Deploy are affected by CVE-2022-1901?
CVE-2022-1901 affects Octopus Deploy versions between 2019.1.0 and 2022.2.7244.
What is the impact of CVE-2022-1901 on security?
The impact of CVE-2022-1901 is the potential exposure of sensitive information to unauthorized users.
How do I fix CVE-2022-1901?
To mitigate CVE-2022-1901, update to a version of Octopus Deploy that is not affected, specifically above 2022.2.7244.
Is there a workaround for CVE-2022-1901 if I cannot update?
There are no known workarounds for CVE-2022-1901, so updating is recommended for security.

agent/author
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/remedy
agent/references
agent/event
agent/first-publish-date
agent/description
agent/softwarecombine
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
vendor/octopus
canonical/octopus deploy
version/octopus deploy/2019.1.0
version/octopus deploy/2019.7.3
version/octopus deploy/2020.1.0
version/octopus deploy/2020.6.5449
version/octopus deploy/2021.1.6959
version/octopus deploy/2021.3.13021
version/octopus deploy/2022.1.0
version/octopus deploy/2022.2.6729
version/octopus deploy/2022.3.348
vendor/linux
canonical/linux kernel
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.