CVE-2019-19375
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8.)
En Octopus Deploy versiones anteriores a la versión 2019.10.7, en una configuración donde la descarga SSL está habilitada, la cookie CSRF algunas veces fue enviada sin el atributo seguro. (La corrección para esto fue incluida en las versiones LTS 2019.6.14 y 2019.9.8.)
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-11-28 CVE Reserved
- 2019-11-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/OctopusDeploy/Issues/issues/5998 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Octopus Search vendor "Octopus" | Octopus Deploy Search vendor "Octopus" for product "Octopus Deploy" | < 2019.10.7 Search vendor "Octopus" for product "Octopus Deploy" and version " < 2019.10.7" | - |
Affected
| ||||||
| Octopus Search vendor "Octopus" | Octopus Deploy Search vendor "Octopus" for product "Octopus Deploy" | >= 2019.6.0 < 2019.6.14 Search vendor "Octopus" for product "Octopus Deploy" and version " >= 2019.6.0 < 2019.6.14" | lts |
Affected
| ||||||
| Octopus Search vendor "Octopus" | Octopus Deploy Search vendor "Octopus" for product "Octopus Deploy" | >= 2019.9.0 < 2019.9.8 Search vendor "Octopus" for product "Octopus Deploy" and version " >= 2019.9.0 < 2019.9.8" | lts |
Affected
| ||||||