Helm chart download can leak feed password #6438
Labels
area/security
kind/bug
priority
Prerequisites
Description
In certain circumstances, downloading a package from the Helm feed can leak the feed password to a deployment log. This means that an authenticated user could see a password that they would potentially not be authorized to view.
Affected versions
Octopus Server: 2018.8.0 - 2019.12.1
Mitigation
Not a lot of good options here:
Workarounds
None known.
CVE
CVE-2020-14470