Octopus Deploy Kubernetes Worker and Agent Sensitive Variable Logging Vulnerability
Vulnerability
A vulnerability exists in Octopus Deploy Kubernetes worker and agent versions 1.x prior to 1.19.0 and 2.x prior to 2.8.0, allowing sensitive variables to be logged in clear text in the Kubernetes script pod logs. This issue was initially identified in version 2 but was later found to affect version 1 as well.
Impact
Exploitation of this vulnerability could lead to unauthorized exposure of sensitive variables in clear text within Kubernetes pod logs.
Remediation
Users are advised to upgrade the Octopus Deploy Kubernetes worker or agent to version 1.19.0 or greater on the 1.x line, or 2.8.0 or greater on the 2.x line. For those who have already upgraded to version 2.8.1 or 1.19.1, no action is needed. If a manual update is required, guidance is available on the Octopus Deploy Kubernetes worker troubleshooting page.
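An added example, not part of the advisory or of Octopus Deploy's tooling: a Python triage of an inventory of worker and agent versions against the fixed releases named above. The inventory names and versions are constructed, and treating a pre-release of a fixed version as still affected is an assumption.

```python
import re

# First fixed release per major line, as stated in the advisory.
FIXED = {1: (1, 19, 0), 2: (2, 8, 0)}

# major.minor.patch with optional leading "v", pre-release and build metadata.
_VERSION = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$"
)


def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'not-covered' or 'unparseable'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparseable"
    parsed = tuple(int(m.group(i)) for i in (1, 2, 3))
    fixed = FIXED.get(parsed[0])
    if fixed is None:
        # The advisory only makes a statement about the 1.x and 2.x lines.
        return "not-covered"
    if parsed < fixed:
        return "affected"
    # Assumption: a pre-release of the first fixed version (e.g. 2.8.0-rc.1)
    # sorts before it under SemVer, so it is treated as still affected.
    if parsed == fixed and m.group(4):
        return "affected"
    return "fixed"


def triage(inventory: dict) -> dict:
    """Group installation names by the classification of their version."""
    result = {}
    for name, version in sorted(inventory.items()):
        result.setdefault(classify(version), []).append(name)
    return result


# Constructed inventory: names and versions are made up for illustration.
SAMPLE = {
    "prod-agent": "2.7.3",
    "staging-agent": "2.8.1",
    "legacy-worker": "v1.18.9",
    "dev-worker": "1.19.0",
    "canary-agent": "2.8.0-rc.1",
    "unknown": "latest",
}

if __name__ == "__main__":
    for status, names in triage(SAMPLE).items():
        print(f"{status}: {', '.join(names)}")
```

Entries reported as `unparseable` or `not-covered` need a manual check, since the advisory makes no statement about them.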
