Passwords written to deployment log in plain-text #6563
Labels
area/security
kind/bug: This issue represents a verified problem we are committed to solving
priority: (obsolete) This issue has been recognised as a priority and should be addressed as soon as possible
tag/regression: This issue was addressed and shipped, but subsequently broken in another release
Description
A regression was introduced that caused certain passwords to be written to the deployment log without being masked. This only affects deployment processes that ran steps on the server/worker (not on targets).
Affected versions
Octopus Server: 2020.3.0 - 2020.3.3
Links
CVE: CVE-2020-24566
Internal issue: https://github.com/OctopusDeploy/OctopusDeploy/issues/6753
PR: https://github.com/OctopusDeploy/OctopusDeploy/pull/6749