CVE-2021-21270

2021-01-22T18:15:00
ID CVE-2021-21270
Type cve
Reporter security-advisories@github.com
Modified 2021-02-01T16:37:00

Description

OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.