- Description
- In affected versions of Octopus Deploy where customers are using Active Directory for authentication, it was possible for an unauthenticated user to make an API request against two endpoints that would retrieve some data from the associated Active Directory. When crafted correctly, the requests would return specific information from user profiles (email address/UPN and display name) from one endpoint and group information (group ID and display name) from the other. This vulnerability does not expose data within the Octopus Server product itself.
- Source
- security@octopus.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 6.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-648
- Hype score
- Not currently trending
🚨 CVE-2025-0589 🟠 MEDIUM (6.9) 🏢 Octopus Deploy - Octopus Server 🏗️ 2020.3.3 🔗 https://t.co/LWWjXmXwT1 #CyberCron #VulnAlert https://t.co/9rL8T85XzA
@cybercronai
11 Feb 2025
CVE-2025-0589 Information Disclosure in Octopus Deploy Active Directory Authenti... https://t.co/cZpZRyzl9u Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
11 Feb 2025
CVE-2025-0589 In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request … https://t.co/E2HYbI4IQK
@CVEnew
11 Feb 2025