CVE-2021-30183

Published: May 14, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.

Affected (3)

Products: Octopus: Server

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Octopus Server	Before 2020.5.329
Octopus Server	From 2020.6.0 to 2020.6.4847
Octopus Server	From 2021.1.0 to 2021.1.6959

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (4)

https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html

Source: cve@mitre.org

https://github.com/OctopusDeploy/Issues

Source: cve@mitre.org

Third Party Advisory

https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/OctopusDeploy/Issues

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.