Bash scripts can reveal sensitive variable values #6604
Labels
area/security
kind/bug
This issue represents a verified problem we are committed to solving
priority
(obsolete) This issue has been recognised as a priority and should be addressed as soon as possible
Milestone
Prerequisites
Description
Bash scripts, when configured in a certain way, can reveal reveal enough information to determine sensitive variable values in task logs. Other script types are not affected.
Affected versions
Octopus Server: 3.1.0 - 2020.4.0
Links
CVE: CVE-2020-25825
Internal Issue: https://github.com/OctopusDeploy/OctopusDeploy/issues/7304
PR: https://github.com/OctopusDeploy/OctopusDeploy/pull/7314
The text was updated successfully, but these errors were encountered: