CVE-2021-31821

2022-01-1906:15:07

Google

osv.dev

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.8%

JSON

When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image

CPENameOperatorVersion
octopustentacleeq6.0.365
octopustentacleeq6.1.1164
octopustentacleeq6.1.1022
octopustentacleeq6.0.466
octopustentacleeq6.1.1044
octopustentacleeq6.1.1206
octopustentacleeq6.0.445
octopustentacleeq6.0.454
octopustentacleeq6.0.356
octopustentacleeq5.0.16

Name	Operator	Version
octopustentacle	eq	6.0.365
octopustentacle	eq	6.1.1164
octopustentacle	eq	6.1.1022
octopustentacle	eq	6.0.466
octopustentacle	eq	6.1.1044
octopustentacle	eq	6.1.1206
octopustentacle	eq	6.0.445
octopustentacle	eq	6.0.454
octopustentacle	eq	6.0.356
octopustentacle	eq	5.0.16

Rows per page:

1-10 of 3581

References

advisories.octopus.com/post/2022/sa2022-01/