CVE-2021-31816

Summary

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server0.9 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2020.6.5146affected
Octopus DeployOctopus Server2021.1.7149 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2021.1.7316affected

Weaknesses

  • Cleartext Storage of Sensitive Information (Windows)

ADP Enrichment

CVE Program Container

Additional References

References