CVE-2021-31820

2021-08-1810:43:57

Octopus

www.cve.org

octopus server

web request proxy

authentication

plaintext password

security vulnerability

EPSS

0.002

Percentile

53.8%

JSON

In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.

CNA Affected

[
  {
    "product": "Octopus Server",
    "vendor": "Octopus Deploy",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2018.8.2",
        "versionType": "custom"
      },
      {
        "lessThan": "2020.6.5310",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2021.1.7149",
        "versionType": "custom"
      },
      {
        "lessThan": "2021.1.7622",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

advisories.octopus.com/adv/2021-07---Proxy-Password-Stored-in-Plaintext-%28CVE-2021-31820%29.2193063986.html

EPSS

0.002

Percentile

53.8%

JSON

Related for CVELIST:CVE-2021-31820