CVE-2021-31821

Published: Jan 19, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image

Affected (1)

Products: Octopus: Tentacle

Octopus

1 product

Tentacle

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Octopus Tentacle	Before 6.1.1266

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://advisories.octopus.com/post/2022/sa2022-01/

Source: security@octopus.com

Vendor Advisory

https://advisories.octopus.com/post/2022/sa2022-01/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.