DOPPLER-PSA-2021-001: Doppler Product Security Advisory
Doppler has found and resolved an issue that allowed users on a workplace to exceed their privileges against some endpoints. Customers are not required to take any action in response to this issue and this issue was not exploited.
DOPPLER-PSA-2022-001: Doppler Product Security Advisory
Doppler has found and resolved an issue where FullStory recordings made on the Doppler Dashboard's Secret and Config Compare pages were not correctly masking secrets. Customers are not required to take any action in response to this issue.
DOPPLER-PSA-2022-002: Kubernetes Operator Security Advisory
Doppler has resolved a low severity vulnerability in the Doppler Kubernetes Operator which allowed users to access Kubernetes namespaces that they were not otherwise authorized for. Customers are advised to update to Kubernetes Operator v1.2.0.
DOPPLER-PSA-2023-001: Doppler Product Security Advisory
Doppler has found and resolved an issue that allowed users on a workplace to exceed their privileges under certain Group configurations. Customers are not required to take any action in response to this issue.
DOPPLER-PSA-2023-002: Doppler Product Security Advisory
Doppler has found and resolved an issue that allowed users in a workplace to exceed their privileges under certain Group configurations. Customers are not required to take any action in response to this issue.
DOPPLER-PSA-2023-003: Doppler Product Security Advisory
Doppler has found and resolved an issue that allowed users in a workplace with the built-in “Admin” role to exceed their privileges using custom roles. Customers are not required to take any action in response to this issue.
DOPPLER-PSA-2024-001: Doppler Product Security Advisory
Doppler has found and resolved an issue where sensitive customer data, including secrets, may have been sent to BugSnag under rare error conditions. Customers are not required to take any action in response to this issue.
DOPPLER-PSA-2024-002: Doppler Product Security Advisory
Doppler has found and resolved an issue where any user who belongs to a GitHub organization could link a preexisting Doppler GitHub App in that organization to a new Doppler workplace. Customers who are required to take action have received an email.
DOPPLER-PSA-2024-003: Doppler Product Security Advisory
Doppler has found and resolved an issue where a user or service account with specific custom workplace permissions could access projects with more permissions than they have configured.
DOPPLER-PSA-2024-004: Doppler Product Security Advisory
Doppler has found and resolved an issue where secret values that were revealed via the Dashboard’s secret version history tab were not tracked.