Octopus Deploy · Octopusdsc · CVE-2021-21270
Name of the Vulnerable Software and Affected Versions:
OctopusDSC versions 4.0.977 and earlier
Description:
The customer API key used to connect to Octopus Server is exposed because it is written to logs in plaintext. The issue occurs in OctopusDSC, a PowerShell module with DSC resources for installing and configuring an Octopus Deploy Server and Tentacle agent.
Recommendations:
For OctopusDSC versions 4.0.977 and earlier, update to version 4.0.1002 or later to resolve the issue.
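One way to check a host against this advisory, as an added example that is not code from the OctopusDSC project: it classifies every installed copy of the module using the two versions named above and searches a log directory you choose for strings that look like API keys. The `API-` key pattern, the function names and the placeholder log path are assumptions, since the advisory does not state the key format or where the logs are written.

```powershell
# Added example: version thresholds are taken from the advisory text above.
$lastAffected = [version]'4.0.977'
$firstFixed   = [version]'4.0.1002'

function Get-OctopusDscStatus {
    param([Parameter(Mandatory)][version]$Version)
    # Compare on major.minor.build only, so 4.0.977.0 is treated like 4.0.977.
    $v = [version]::new($Version.Major, $Version.Minor, [Math]::Max($Version.Build, 0))
    if ($v -le $lastAffected)    { 'Affected' }
    elseif ($v -ge $firstFixed)  { 'Fixed' }
    else                         { 'NotListed' }  # between the two versions the advisory names
}

# List every copy on PSModulePath; an old version can sit beside a new one.
Get-Module -ListAvailable -Name OctopusDSC |
    Select-Object Name, Version, ModuleBase,
        @{ Name = 'Status'; Expression = { Get-OctopusDscStatus $_.Version } }

# Assumption: API keys start with "API-" followed by 20 or more letters and digits.
$keyPattern = 'API-[A-Za-z0-9]{20,}'

function Find-ApiKeyInLog {
    param([Parameter(Mandatory)][string]$Path)  # log directory chosen by the operator
    Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
        Select-String -Pattern $keyPattern -AllMatches |
        ForEach-Object {
            foreach ($m in $_.Matches) {
                [pscustomobject]@{
                    File = $_.Path
                    Line = $_.LineNumber
                    # Show only a prefix so the report does not repeat the leak.
                    Key  = $m.Value.Substring(0, 8) + '...'
                }
            }
        }
}

# Example call; the path is a placeholder, not a location named by the advisory.
# Find-ApiKeyInLog -Path 'C:\Path\To\DscLogs'
```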