Vulnerability Details CVE-2021-21270
OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.1%
CVSS Severity
CVSS v3 Score 6.2
CVSS v2 Score 2.1
References
- https://github.com/OctopusDeploy/OctopusDSC/commit/24b448e6ac964ed938475add494a145c0473ac42
- https://github.com/OctopusDeploy/OctopusDSC/pull/270
- https://github.com/OctopusDeploy/OctopusDSC/releases/tag/v4.0.1002
- https://github.com/OctopusDeploy/OctopusDSC/security/advisories/GHSA-phmm-rfg9-94fm
- https://github.com/OctopusDeploy/OctopusDSC/commit/24b448e6ac964ed938475add494a145c0473ac42
- https://github.com/OctopusDeploy/OctopusDSC/pull/270
- https://github.com/OctopusDeploy/OctopusDSC/releases/tag/v4.0.1002
- https://github.com/OctopusDeploy/OctopusDSC/security/advisories/GHSA-phmm-rfg9-94fm
Products affected by CVE-2021-21270
-
cpe:2.3:a:octopus:octopusdsc:2.0.103
-
cpe:2.3:a:octopus:octopusdsc:2.0.104
-
cpe:2.3:a:octopus:octopusdsc:2.0.106
-
cpe:2.3:a:octopus:octopusdsc:2.0.118
-
cpe:2.3:a:octopus:octopusdsc:2.0.120
-
cpe:2.3:a:octopus:octopusdsc:2.0.123
-
cpe:2.3:a:octopus:octopusdsc:2.0.136
-
cpe:2.3:a:octopus:octopusdsc:2.0.143
-
cpe:2.3:a:octopus:octopusdsc:2.0.176
-
cpe:2.3:a:octopus:octopusdsc:2.0.179
-
cpe:2.3:a:octopus:octopusdsc:2.0.181
-
cpe:2.3:a:octopus:octopusdsc:3.0.1
-
cpe:2.3:a:octopus:octopusdsc:3.0.105
-
cpe:2.3:a:octopus:octopusdsc:3.0.11
-
cpe:2.3:a:octopus:octopusdsc:3.0.13
-
cpe:2.3:a:octopus:octopusdsc:3.0.140
-
cpe:2.3:a:octopus:octopusdsc:3.0.141
-
cpe:2.3:a:octopus:octopusdsc:3.0.142
-
cpe:2.3:a:octopus:octopusdsc:3.0.146
-
cpe:2.3:a:octopus:octopusdsc:3.0.147
-
cpe:2.3:a:octopus:octopusdsc:3.0.148
-
cpe:2.3:a:octopus:octopusdsc:3.0.149
-
cpe:2.3:a:octopus:octopusdsc:3.0.150
-
cpe:2.3:a:octopus:octopusdsc:3.0.153
-
cpe:2.3:a:octopus:octopusdsc:3.0.167
-
cpe:2.3:a:octopus:octopusdsc:3.0.168
-
cpe:2.3:a:octopus:octopusdsc:3.0.169
-
cpe:2.3:a:octopus:octopusdsc:3.0.17
-
cpe:2.3:a:octopus:octopusdsc:3.0.187
-
cpe:2.3:a:octopus:octopusdsc:3.0.2
-
cpe:2.3:a:octopus:octopusdsc:3.0.27
-
cpe:2.3:a:octopus:octopusdsc:3.0.28
-
cpe:2.3:a:octopus:octopusdsc:3.0.39
-
cpe:2.3:a:octopus:octopusdsc:3.0.4
-
cpe:2.3:a:octopus:octopusdsc:3.0.45
-
cpe:2.3:a:octopus:octopusdsc:3.0.6
-
cpe:2.3:a:octopus:octopusdsc:3.0.62
-
cpe:2.3:a:octopus:octopusdsc:3.0.65
-
cpe:2.3:a:octopus:octopusdsc:3.0.7
-
cpe:2.3:a:octopus:octopusdsc:3.0.70
-
cpe:2.3:a:octopus:octopusdsc:3.0.72
-
cpe:2.3:a:octopus:octopusdsc:3.0.74
-
cpe:2.3:a:octopus:octopusdsc:3.0.78
-
cpe:2.3:a:octopus:octopusdsc:3.0.81
-
cpe:2.3:a:octopus:octopusdsc:3.0.84
-
cpe:2.3:a:octopus:octopusdsc:3.0.92
-
cpe:2.3:a:octopus:octopusdsc:3.0.94
-
cpe:2.3:a:octopus:octopusdsc:3.0.98
-
cpe:2.3:a:octopus:octopusdsc:4.0.190
-
cpe:2.3:a:octopus:octopusdsc:4.0.194
-
cpe:2.3:a:octopus:octopusdsc:4.0.198
-
cpe:2.3:a:octopus:octopusdsc:4.0.205
-
cpe:2.3:a:octopus:octopusdsc:4.0.208
-
cpe:2.3:a:octopus:octopusdsc:4.0.217
-
cpe:2.3:a:octopus:octopusdsc:4.0.220
-
cpe:2.3:a:octopus:octopusdsc:4.0.226
-
cpe:2.3:a:octopus:octopusdsc:4.0.227
-
cpe:2.3:a:octopus:octopusdsc:4.0.235
-
cpe:2.3:a:octopus:octopusdsc:4.0.242
-
cpe:2.3:a:octopus:octopusdsc:4.0.244
-
cpe:2.3:a:octopus:octopusdsc:4.0.247
-
cpe:2.3:a:octopus:octopusdsc:4.0.249
-
cpe:2.3:a:octopus:octopusdsc:4.0.250
-
cpe:2.3:a:octopus:octopusdsc:4.0.253
-
cpe:2.3:a:octopus:octopusdsc:4.0.258
-
cpe:2.3:a:octopus:octopusdsc:4.0.284
-
cpe:2.3:a:octopus:octopusdsc:4.0.303
-
cpe:2.3:a:octopus:octopusdsc:4.0.327
-
cpe:2.3:a:octopus:octopusdsc:4.0.347
-
cpe:2.3:a:octopus:octopusdsc:4.0.357
-
cpe:2.3:a:octopus:octopusdsc:4.0.358
-
cpe:2.3:a:octopus:octopusdsc:4.0.360
-
cpe:2.3:a:octopus:octopusdsc:4.0.362
-
cpe:2.3:a:octopus:octopusdsc:4.0.365
-
cpe:2.3:a:octopus:octopusdsc:4.0.368
-
cpe:2.3:a:octopus:octopusdsc:4.0.376
-
cpe:2.3:a:octopus:octopusdsc:4.0.382
-
cpe:2.3:a:octopus:octopusdsc:4.0.384
-
cpe:2.3:a:octopus:octopusdsc:4.0.394
-
cpe:2.3:a:octopus:octopusdsc:4.0.401
-
cpe:2.3:a:octopus:octopusdsc:4.0.403
-
cpe:2.3:a:octopus:octopusdsc:4.0.408
-
cpe:2.3:a:octopus:octopusdsc:4.0.416
-
cpe:2.3:a:octopus:octopusdsc:4.0.419
-
cpe:2.3:a:octopus:octopusdsc:4.0.423
-
cpe:2.3:a:octopus:octopusdsc:4.0.425
-
cpe:2.3:a:octopus:octopusdsc:4.0.432
-
cpe:2.3:a:octopus:octopusdsc:4.0.433
-
cpe:2.3:a:octopus:octopusdsc:4.0.447
-
cpe:2.3:a:octopus:octopusdsc:4.0.449
-
cpe:2.3:a:octopus:octopusdsc:4.0.522
-
cpe:2.3:a:octopus:octopusdsc:4.0.537
-
cpe:2.3:a:octopus:octopusdsc:4.0.538
-
cpe:2.3:a:octopus:octopusdsc:4.0.553
-
cpe:2.3:a:octopus:octopusdsc:4.0.579
-
cpe:2.3:a:octopus:octopusdsc:4.0.583
-
cpe:2.3:a:octopus:octopusdsc:4.0.587
-
cpe:2.3:a:octopus:octopusdsc:4.0.588
-
cpe:2.3:a:octopus:octopusdsc:4.0.618
-
cpe:2.3:a:octopus:octopusdsc:4.0.620
-
cpe:2.3:a:octopus:octopusdsc:4.0.623
-
cpe:2.3:a:octopus:octopusdsc:4.0.625
-
cpe:2.3:a:octopus:octopusdsc:4.0.626
-
cpe:2.3:a:octopus:octopusdsc:4.0.629
-
cpe:2.3:a:octopus:octopusdsc:4.0.639
-
cpe:2.3:a:octopus:octopusdsc:4.0.640
-
cpe:2.3:a:octopus:octopusdsc:4.0.659
-
cpe:2.3:a:octopus:octopusdsc:4.0.689
-
cpe:2.3:a:octopus:octopusdsc:4.0.693
-
cpe:2.3:a:octopus:octopusdsc:4.0.713
-
cpe:2.3:a:octopus:octopusdsc:4.0.732
-
cpe:2.3:a:octopus:octopusdsc:4.0.733
-
cpe:2.3:a:octopus:octopusdsc:4.0.743
-
cpe:2.3:a:octopus:octopusdsc:4.0.745
-
cpe:2.3:a:octopus:octopusdsc:4.0.746
-
cpe:2.3:a:octopus:octopusdsc:4.0.752
-
cpe:2.3:a:octopus:octopusdsc:4.0.762
-
cpe:2.3:a:octopus:octopusdsc:4.0.769
-
cpe:2.3:a:octopus:octopusdsc:4.0.770
-
cpe:2.3:a:octopus:octopusdsc:4.0.776
-
cpe:2.3:a:octopus:octopusdsc:4.0.782
-
cpe:2.3:a:octopus:octopusdsc:4.0.800
-
cpe:2.3:a:octopus:octopusdsc:4.0.801
-
cpe:2.3:a:octopus:octopusdsc:4.0.805
-
cpe:2.3:a:octopus:octopusdsc:4.0.807
-
cpe:2.3:a:octopus:octopusdsc:4.0.810
-
cpe:2.3:a:octopus:octopusdsc:4.0.816
-
cpe:2.3:a:octopus:octopusdsc:4.0.829
-
cpe:2.3:a:octopus:octopusdsc:4.0.831
-
cpe:2.3:a:octopus:octopusdsc:4.0.834
-
cpe:2.3:a:octopus:octopusdsc:4.0.837
-
cpe:2.3:a:octopus:octopusdsc:4.0.843
-
cpe:2.3:a:octopus:octopusdsc:4.0.872
-
cpe:2.3:a:octopus:octopusdsc:4.0.876
-
cpe:2.3:a:octopus:octopusdsc:4.0.880
-
cpe:2.3:a:octopus:octopusdsc:4.0.881
-
cpe:2.3:a:octopus:octopusdsc:4.0.883
-
cpe:2.3:a:octopus:octopusdsc:4.0.884
-
cpe:2.3:a:octopus:octopusdsc:4.0.889
-
cpe:2.3:a:octopus:octopusdsc:4.0.891
-
cpe:2.3:a:octopus:octopusdsc:4.0.896
-
cpe:2.3:a:octopus:octopusdsc:4.0.897
-
cpe:2.3:a:octopus:octopusdsc:4.0.900
-
cpe:2.3:a:octopus:octopusdsc:4.0.903
-
cpe:2.3:a:octopus:octopusdsc:4.0.917
-
cpe:2.3:a:octopus:octopusdsc:4.0.924
-
cpe:2.3:a:octopus:octopusdsc:4.0.929
-
cpe:2.3:a:octopus:octopusdsc:4.0.932
-
cpe:2.3:a:octopus:octopusdsc:4.0.934
-
cpe:2.3:a:octopus:octopusdsc:4.0.957
-
cpe:2.3:a:octopus:octopusdsc:4.0.977