CVE-2021-31817

Summary

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2020.6.4671 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2020.6.5146affected
Octopus DeployOctopus Server2021.1.7149 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2021.1.7316affected

Weaknesses

  • Cleartext Storage of Sensitive Information (Linux Container)

ADP Enrichment

CVE Program Container

Additional References

References