CVE-2021-31817

Published: Jul 8, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.

Affected (2)

Products: Octopus: Server

Octopus

1 product

Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Octopus Server	From 2020.6.0 to 2020.6.5146
Octopus Server	From 2021.1.0 to 2021.1.7316

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://advisories.octopus.com/adv/2021-06---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-31817%29.2121138201.html

Source: security@octopus.com

https://advisories.octopus.com/adv/2021-06---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-31817%29.2121138201.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.