{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12226", "assignerOrgId": "6f4f8c89-ef06-4bae-a2a5-6734ddf76272", "state": "PUBLISHED", "assignerShortName": "Octopus", "dateReserved": "2024-12-05T03:36:29.513Z", "datePublished": "2025-01-16T06:48:20.279Z", "dateUpdated": "2025-01-16T14:21:30.387Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Kubernetes Worker or Kubernetes Agent", "vendor": "Octopus Deploy", "versions": [{"lessThan": "1.19.0", "status": "affected", "version": "1.x", "versionType": "custom"}, {"lessThan": "2.8.0", "status": "affected", "version": "2.x", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions accordingly."}], "value": "In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions accordingly."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6f4f8c89-ef06-4bae-a2a5-6734ddf76272", "shortName": "Octopus", "dateUpdated": "2025-01-16T06:48:20.279Z"}, "references": [{"url": "https://advisories.octopus.com/post/2024/sa2024-10/"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-16T14:21:00.502702Z", "id": "CVE-2024-12226", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T14:21:30.387Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12226", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-16T14:21:00.502702Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T14:21:24.664Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Octopus Deploy", "product": "Kubernetes Worker or Kubernetes Agent", "versions": [{"status": "affected", "version": "1.x", "lessThan": "1.19.0", "versionType": "custom"}, {"status": "affected", "version": "2.x", "lessThan": "2.8.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://advisories.octopus.com/post/2024/sa2024-10/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions accordingly.", "supportingMedia": [{"type": "text/html", "value": "In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions accordingly.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "6f4f8c89-ef06-4bae-a2a5-6734ddf76272", "shortName": "Octopus", "dateUpdated": "2025-01-16T06:48:20.279Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12226", "state": "PUBLISHED", "dateUpdated": "2025-01-16T14:21:30.387Z", "dateReserved": "2024-12-05T03:36:29.513Z", "assignerOrgId": "6f4f8c89-ef06-4bae-a2a5-6734ddf76272", "datePublished": "2025-01-16T06:48:20.279Z", "assignerShortName": "Octopus"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions accordingly."}, {"lang": "es", "value": "En las versiones afectadas del agente o trabajador de Octopus Kubernetes, se pod\u00edan escribir variables confidenciales en el registro del pod del script de Kubernetes en texto plano. Esto se identific\u00f3 en la versi\u00f3n 2, pero se determin\u00f3 que esto tambi\u00e9n se pod\u00eda lograr en la versi\u00f3n 1 y la soluci\u00f3n se aplic\u00f3 a ambas versiones en consecuencia."}], "id": "CVE-2024-12226", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@octopus.com", "type": "Secondary"}]}, "published": "2025-01-16T07:15:26.333", "references": [{"source": "security@octopus.com", "url": "https://advisories.octopus.com/post/2024/sa2024-10/"}], "sourceIdentifier": "security@octopus.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "security@octopus.com", "type": "Secondary"}]}

{}

{}