PT-2025-1787 · Octopus · Octopus Kubernetes Worker, Octopus Kubernetes Agent
Published: 2025-01-16 · Updated: 2025-01-16
CVE-2024-12226
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Octopus Kubernetes worker or agent versions 1 through 2
Description
In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear text. The issue was identified in Version 2, and it was later determined that it could also be triggered in Version 1.
Recommendations
For versions 1 and 2, apply the fix that prevents sensitive variables from being written to the Kubernetes script pod log in clear text.
As a temporary workaround, consider restricting access to the Kubernetes script pod log to minimize the risk of exploitation.
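To support the workaround above, the following added example (not part of the original advisory and not Octopus code) lists the RBAC roles that can read pod logs. It assumes input shaped like the output of `kubectl get roles,clusterroles -A -o json`; the sample roles and the namespace `example-agent-ns` are constructed, and the script does not resolve which subjects are bound to each role.

```python
import json

# Constructed sample in the shape of `kubectl get roles,clusterroles -A -o json`.
# Every role name and the namespace "example-agent-ns" are made up for illustration.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Role", "metadata": {"name": "deploy-runner", "namespace": "example-agent-ns"},
  "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "log-shipper"},
  "rules": [{"apiGroups": ["*"], "resources": ["*/log"], "verbs": ["*"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "ops-admin"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "Role", "metadata": {"name": "pod-viewer", "namespace": "example-agent-ns"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]}]},
 {"kind": "Role", "metadata": {"name": "log-cleaner", "namespace": "example-agent-ns"},
  "rules": [{"apiGroups": [""], "resources": ["pods/log"], "verbs": ["delete"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "apps-reader"},
  "rules": [{"apiGroups": ["apps"], "resources": ["*"], "verbs": ["get"]}]}
]}
""")


def rule_allows_pod_log_read(rule):
    """True if one RBAC rule permits `get` on pods/log in the core API group."""
    groups = rule.get("apiGroups", [])
    resources = rule.get("resources", [])
    verbs = rule.get("verbs", [])
    group_ok = "" in groups or "*" in groups
    # RBAC matches the exact name, "*" (everything) or "*/<subresource>".
    # "pods/*" is not a wildcard form that RBAC honours, so it is not flagged.
    resource_ok = any(r in ("*", "pods/log", "*/log") for r in resources)
    verb_ok = "get" in verbs or "*" in verbs
    return group_ok and resource_ok and verb_ok


def roles_exposing_pod_logs(role_list):
    """Return sorted (kind, namespace, name) for roles that can read pod logs."""
    hits = []
    for role in role_list.get("items", []):
        # Aggregated ClusterRoles can carry "rules": null, hence the `or []`.
        if any(rule_allows_pod_log_read(r) for r in role.get("rules") or []):
            meta = role["metadata"]
            hits.append((role["kind"], meta.get("namespace", ""), meta["name"]))
    return sorted(hits)


if __name__ == "__main__":
    for kind, ns, name in roles_exposing_pod_logs(SAMPLE):
        print(f"{kind:12} {ns or '(cluster-wide)':18} {name}")
```

Roles flagged here are candidates for review; the corresponding RoleBindings and ClusterRoleBindings show which users and service accounts actually hold that access.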
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Octopus Kubernetes Agent
Octopus Kubernetes Worker