Sensitive Data Exposure in Octopus Kubernetes Worker or Agent
CVE-2024-12226

6.5MEDIUM

Key Information:

Vendor: Octopus Deploy
Status: Kubernetes Worker Or Kubernetes Agent
Vendor: CVE Published:; 16 January 2025

🔔 Create Octopus Deploy Vulnerability Alert

What is CVE-2024-12226?

In certain versions of the Octopus Kubernetes worker and agent, sensitive variables were improperly logged in clear-text format within the Kubernetes script pod log. This issue was first identified in Version 2 but was subsequently found to also affect Version 1. Appropriate fixes have been implemented across both versions to mitigate this risk.

Affected Version(s)

Kubernetes Worker or Kubernetes Agent 1.x < 1.19.0

Kubernetes Worker or Kubernetes Agent 2.x < 2.8.0

References

https://advisories.octopus.com/post/2024/sa2024-10/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Dec 5, 2024