Passwords written to deployment log in plain-text #6563

Closed
flin-8 opened this issue Sep 8, 2020 · 1 comment
Labels
- area/security
- kind/bug: This issue represents a verified problem we are committed to solving
- priority (obsolete): This issue has been recognised as a priority and should be addressed as soon as possible
- tag/regression: This issue was addressed and shipped, but subsequently broken in another release


flin-8 commented Sep 8, 2020

Description

A regression was introduced that caused certain passwords to be written to the deployment log without being masked. This only affects deployment processes that ran steps on the server/worker (not on targets).

Affected versions

Octopus Server: 2020.3.0 - 2020.3.3

Links

CVE: CVE-2020-24566
Internal issue: https://github.com/OctopusDeploy/OctopusDeploy/issues/6753
PR: https://github.com/OctopusDeploy/OctopusDeploy/pull/6749

flin-8 added the kind/bug, priority (obsolete), area/security and tag/regression labels Sep 8, 2020
flin-8 added this to the 2020.4.0 milestone Sep 8, 2020
flin-8 closed this as completed Sep 8, 2020

octoreleasebot commented Sep 8, 2020

Release Note: Fix bug where certain passwords are written to the deployment log in plain-text - CVE: CVE-2020-24566
