Unrated severityNVD Advisory· Published Jan 22, 2021· Updated Aug 3, 2024

Cleartext Storage of Sensitive Information

CVE-2021-21270

Description

OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.

Affected products

Octopus/Octopusdscv5
Range: < 4.0.1002

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/OctopusDeploy/OctopusDSC/commit/24b448e6ac964ed938475add494a145c0473ac42mitrex_refsource_MISC
github.com/OctopusDeploy/OctopusDSC/pull/270mitrex_refsource_MISC
github.com/OctopusDeploy/OctopusDSC/releases/tag/v4.0.1002mitrex_refsource_MISC
github.com/OctopusDeploy/OctopusDSC/security/advisories/GHSA-phmm-rfg9-94fmmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000