Skip to content

Cleartext Storage of Sensitive Information

Moderate
wizedkyle published GHSA-phmm-rfg9-94fm Jan 21, 2021

Package

cTentacleAgent.psm1 (Powershell)

Affected versions

<4.0.977

Patched versions

4.0.1002

Description

Impact

When running Start-DscConfiguration with the -Verbose argument the Octopus Deploy server API key specified in the --apiKey argument is written to stdout in plaintext.

Patches

This vulnerability is patched in version 4.0.1002.

Workarounds

No current workarounds.

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2021-21270

Weaknesses

No CWEs