CVE-2021-31820

Summary

In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2018.8.2 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2020.6.5310affected
Octopus DeployOctopus Server2021.1.7149 < unspecifiedaffected
Octopus DeployOctopus Serverunspecified < 2021.1.7622affected

Weaknesses

  • Proxy Password Stored in Plaintext

ADP Enrichment

CVE Program Container

Additional References

References