CVE-2021-31818

Summary

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2018.9.17 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2020.6.5146affected
Octopus DeployOctopus Server2021.1.7149 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2021.1.7316affected

Weaknesses

  • SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References