Plaintext Logging of Customer API Key in OctopusDSC

CVE-2021-21270 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC versions 4.0.977 and earlier, a customer API key used to connect to Octopus Server is exposed in plaintext via logging. This vulnerability is patched in version 4.0.1002.
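A host-side audit for this issue, as an added example that is not part of the advisory or the OctopusDSC project: it flags installed module versions below 4.0.1002 and searches log files for key-shaped strings, reporting only a short prefix of each hit. The function names, the log location and the key pattern (`API-` followed by uppercase letters and digits) are assumptions, and the sample log line is constructed. Versions are compared as `[version]` objects because a string comparison would sort 4.0.977 after 4.0.1002.

```powershell
# Added example, not OctopusDSC code. Assumed: key shape and log location.
$FixedVersion = [version]'4.0.1002'       # patched version, from the advisory
$KeyPattern   = 'API-[A-Z0-9]{20,}'       # assumed shape of an Octopus API key

function Test-OctopusDscVulnerable {
    param([Parameter(Mandatory)][version]$Version)
    # Numeric comparison per component: 4.0.977 is lower than 4.0.1002
    return $Version -lt $FixedVersion
}

function Find-PlaintextApiKey {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$Filter = '*.log'
    )
    Get-ChildItem -Path $Path -Filter $Filter -File -Recurse -ErrorAction SilentlyContinue |
        Select-String -Pattern $KeyPattern -CaseSensitive -AllMatches |
        ForEach-Object {
            foreach ($m in $_.Matches) {
                [pscustomobject]@{
                    File    = $_.Path
                    Line    = $_.LineNumber
                    # Prefix only, so the audit output does not leak the key again
                    KeyHint = $m.Value.Substring(0, 8) + '...'
                }
            }
        }
}

# 1. Report every installed copy of the module and whether it predates the fix
Get-Module -ListAvailable -Name OctopusDSC | ForEach-Object {
    [pscustomobject]@{
        Version    = $_.Version
        Path       = $_.ModuleBase
        Vulnerable = Test-OctopusDscVulnerable -Version $_.Version
    }
}

# 2. Scan a constructed sample log (not real OctopusDSC output) so this runs offline
$sample = Join-Path ([IO.Path]::GetTempPath()) 'octopusdsc-sample'
New-Item -ItemType Directory -Path $sample -Force | Out-Null
Set-Content -Path (Join-Path $sample 'dsc.log') -Value @(
    'VERBOSE: registering tentacle with server'
    'VERBOSE: apiKey=API-CONSTRUCTEDSAMPLEKEY0000001'
)
Find-PlaintextApiKey -Path $sample    # one hit: line 2, KeyHint 'API-CONS...'
```

Point `-Path` at wherever DSC and deployment logs are kept on the host; any key that turns up should be treated as exposed and rotated after upgrading the module.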