漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly would return specific information from user profiles (Email address/UPN and Display name) from one endpoint and group information ( Group ID and Display name) from the other. This vulnerability does not expose data within the Octopus Server product itself.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Octopus Server 安全漏洞
Vulnerability Description
Octopus Server是澳大利亚Octopus公司的一个用于持续交付的部署自动化和发布管理工具。 Octopus Server存在安全漏洞,该漏洞源于客户使用Active Directory进行身份验证,未经身份验证的用户可以向两个端点发出API请求,从而从关联的Active Directory中检索一些数据。
CVSS Information
N/A
Vulnerability Type
N/A