fkie_cve-2024-12226
Vulnerability from fkie_nvd
Published
2025-01-16 07:15
Modified
2025-01-16 07:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions accordingly.
References
security@octopus.comhttps://advisories.octopus.com/post/2024/sa2024-10/
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions accordingly."
    },
    {
      "lang": "es",
      "value": "En las versiones afectadas del agente o trabajador de Octopus Kubernetes, se pod\u00edan escribir variables confidenciales en el registro del pod del script de Kubernetes en texto plano. Esto se identific\u00f3 en la versi\u00f3n 2, pero se determin\u00f3 que esto tambi\u00e9n se pod\u00eda lograr en la versi\u00f3n 1 y la soluci\u00f3n se aplic\u00f3 a ambas versiones en consecuencia."
    }
  ],
  "id": "CVE-2024-12226",
  "lastModified": "2025-01-16T07:15:26.333",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security@octopus.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-16T07:15:26.333",
  "references": [
    {
      "source": "security@octopus.com",
      "url": "https://advisories.octopus.com/post/2024/sa2024-10/"
    }
  ],
  "sourceIdentifier": "security@octopus.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "security@octopus.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.