CVE-2021-21270

Опубликовано: 22 янв. 2021

Источник: nvd

CVSS3: 6.2

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.

Ссылки

https://github.com/OctopusDeploy/OctopusDSC/commit/24b448e6ac964ed938475add494a145c0473ac42
Patch
Third Party Advisory
https://github.com/OctopusDeploy/OctopusDSC/pull/270
Patch
Third Party Advisory
https://github.com/OctopusDeploy/OctopusDSC/releases/tag/v4.0.1002
Release Notes
Third Party Advisory
https://github.com/OctopusDeploy/OctopusDSC/security/advisories/GHSA-phmm-rfg9-94fm
Third Party Advisory
https://github.com/OctopusDeploy/OctopusDSC/commit/24b448e6ac964ed938475add494a145c0473ac42
Patch
Third Party Advisory
https://github.com/OctopusDeploy/OctopusDSC/pull/270
Patch
Third Party Advisory
https://github.com/OctopusDeploy/OctopusDSC/releases/tag/v4.0.1002
Release Notes
Third Party Advisory
https://github.com/OctopusDeploy/OctopusDSC/security/advisories/GHSA-phmm-rfg9-94fm
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:octopus:octopusdsc:*:*:*:*:*:*:*:*

Версия до 4.0.1002 (исключая)

EPSS

Процентиль: 13%

0.00042

Низкий

6.2 Medium

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-319

EPSS

Процентиль: 13%

0.00042

Низкий

6.2 Medium

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-319