CVE-2022-2721

Published: Nov 25, 2022Modified: Apr 25, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.

Affected (2)

Products: Octopus: Octopus Server

Octopus

1 product

Octopus Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Octopus Octopus Server	From 2022.2.6729 to 2022.2.7965
Octopus Octopus Server	From 2022.3.348 to 2022.3.9163

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://advisories.octopus.com/post/2022/sa2022-24/

Source: security@octopus.com

Vendor Advisory

https://advisories.octopus.com/post/2022/sa2022-24/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.