CVE-2021-31818
N/A
N/A
Summary
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Octopus Deploy | Octopus Server | 2018.9.17 < unspecified | affected |
| Octopus Deploy | Octopus Server | unspecified < 2020.6.5146 | affected |
| Octopus Deploy | Octopus Server | 2021.1.7149 < unspecified | affected |
| Octopus Deploy | Octopus Server | unspecified < 2021.1.7316 | affected |
Weaknesses
- SQL Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.