{"id":"CVE-2021-21270","details":"OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.","modified":"2026-04-10T04:29:35.013963Z","published":"2021-01-22T18:15:12.687Z","related":["GHSA-phmm-rfg9-94fm"],"references":[{"type":"ADVISORY","url":"https://github.com/OctopusDeploy/OctopusDSC/security/advisories/GHSA-phmm-rfg9-94fm"},{"type":"ADVISORY","url":"https://github.com/OctopusDeploy/OctopusDSC/releases/tag/v4.0.1002"},{"type":"FIX","url":"https://github.com/OctopusDeploy/OctopusDSC/commit/24b448e6ac964ed938475add494a145c0473ac42"},{"type":"FIX","url":"https://github.com/OctopusDeploy/OctopusDSC/pull/270"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/octopusdeploy/octopusdsc","events":[{"introduced":"0"},{"fixed":"24b448e6ac964ed938475add494a145c0473ac42"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.0.1002"}]}}],"versions":["v2.0.103","v2.0.104","v2.0.106","v2.0.118","v2.0.120","v2.0.123","v2.0.136","v3.0.1","v3.0.105","v3.0.140","v3.0.141","v3.0.142","v3.0.146","v3.0.147","v3.0.148","v3.0.149","v3.0.150","v3.0.153","v3.0.167","v3.0.168","v3.0.169","v3.0.17","v3.0.187","v3.0.2","v3.0.27","v3.0.28","v3.0.39","v3.0.4","v3.0.45","v3.0.6","v3.0.62","v3.0.65","v3.0.7","v3.0.70","v3.0.72","v3.0.74","v3.0.78","v3.0.81","v3.0.84","v3.0.92","v3.0.94","v3.0.98","v4.0.190","v4.0.194","v4.0.198","v4.0.205","v4.0.208","v4.0.217","v4.0.220","v4.0.226","v4.0.227","v4.0.235","v4.0.242","v4.0.244","v4.0.247","v4.0.249","v4.0.250","v4.0.253","v4.0.258","v4.0.284","v4.0.303","v4.0.327","v4.0.347","v4.0.357","v4.0.358","v4.0.360","v4.0.362","v4.0.365","v4.0.368","v4.0.376","v4.0.382","v4.0.384","v4.0.394","v4.0.401","v4.0.403","v4.0.408","v4.0.416","v4.0.419","v4.0.423","v4.0.425","v4.0.432","v4.0.433","v4.0.447","v4.0.449","v4.0.522","v4.0.537","v4.0.538","v4.0.553","v4.0.579","v4.0.583","v4.0.587","v4.0.588","v4.0.618","v4.0.620","v4.0.623","v4.0.625","v4.0.626","v4.0.629","v4.0.639","v4.0.640","v4.0.659","v4.0.689","v4.0.693","v4.0.713","v4.0.732","v4.0.733","v4.0.743","v4.0.745","v4.0.746","v4.0.752","v4.0.762","v4.0.769","v4.0.770","v4.0.776","v4.0.782","v4.0.800","v4.0.801","v4.0.805","v4.0.807","v4.0.810","v4.0.816","v4.0.829","v4.0.831","v4.0.834","v4.0.837","v4.0.843","v4.0.872","v4.0.876","v4.0.880","v4.0.881","v4.0.883","v4.0.884","v4.0.889","v4.0.891","v4.0.896","v4.0.897","v4.0.900","v4.0.903","v4.0.917","v4.0.924","v4.0.929","v4.0.932","v4.0.934","v4.0.957","v4.0.977"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21270.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}