CVE-2021-21270

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-21270

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21270.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-21270

Aliases

GHSA-phmm-rfg9-94fm

Published

2021-01-22T18:15:12.687Z

Modified

2026-05-18T13:49:46.128420Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.

References

Affected packages

Git / github.com/octopusdeploy/octopusdsc

Affected ranges

Type

GIT

Repo

https://github.com/octopusdeploy/octopusdsc

Events

Introduced

Fixed

24b448e6ac964ed938475add494a145c0473ac42

Database specific

{
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:octopus:octopusdsc:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.0.1002"
        }
    ]
}

Affected versions

v2.*

v2.0.103

v2.0.104

v2.0.106

v2.0.118

v2.0.120

v2.0.123

v2.0.136

v3.*

v3.0.1

v3.0.105

v3.0.140

v3.0.141

v3.0.142

v3.0.146

v3.0.147

v3.0.148

v3.0.149

v3.0.150

v3.0.153

v3.0.167

v3.0.168

v3.0.169

v3.0.17

v3.0.187

v3.0.2

v3.0.27

v3.0.28

v3.0.39

v3.0.4

v3.0.45

v3.0.6

v3.0.62

v3.0.65

v3.0.7

v3.0.70

v3.0.72

v3.0.74

v3.0.78

v3.0.81

v3.0.84

v3.0.92

v3.0.94

v3.0.98

v4.*

v4.0.190

v4.0.194

v4.0.198

v4.0.205

v4.0.208

v4.0.217

v4.0.220

v4.0.226

v4.0.227

v4.0.235

v4.0.242

v4.0.244

v4.0.247

v4.0.249

v4.0.250

v4.0.253

v4.0.258

v4.0.284

v4.0.303

v4.0.327

v4.0.347

v4.0.357

v4.0.358

v4.0.360

v4.0.362

v4.0.365

v4.0.368

v4.0.376

v4.0.382

v4.0.384

v4.0.394

v4.0.401

v4.0.403

v4.0.408

v4.0.416

v4.0.419

v4.0.423

v4.0.425

v4.0.432

v4.0.433

v4.0.447

v4.0.449

v4.0.522

v4.0.537

v4.0.538

v4.0.553

v4.0.579

v4.0.583

v4.0.587

v4.0.588

v4.0.618

v4.0.620

v4.0.623

v4.0.625

v4.0.626

v4.0.629

v4.0.639

v4.0.640

v4.0.659

v4.0.689

v4.0.693

v4.0.713

v4.0.732

v4.0.733

v4.0.743

v4.0.745

v4.0.746

v4.0.752

v4.0.762

v4.0.769

v4.0.770

v4.0.776

v4.0.782

v4.0.800

v4.0.801

v4.0.805

v4.0.807

v4.0.810

v4.0.816

v4.0.829

v4.0.831

v4.0.834

v4.0.837

v4.0.843

v4.0.872

v4.0.876

v4.0.880

v4.0.881

v4.0.883

v4.0.884

v4.0.889

v4.0.891

v4.0.896

v4.0.897

v4.0.900

v4.0.903

v4.0.917

v4.0.924

v4.0.929

v4.0.932

v4.0.934

v4.0.957

v4.0.977

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21270.json"