CyberSec.Space Logo
Back to CVE Browser

CVE-2021-31816

HIGH
7.5
CVSS Severity Score
EPSS Score0.1470%
EPSS Percentile21.94th
PublishedJul 8, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.

Affected Platforms (CPE)

📦
Octopus

Server

< 2020.6.5146
📦
Octopus

Server

>= 2021.1.0 and < 2021.1.7316

References & Advisories

🔗 https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-31816%29.2121793537.html
🔗 https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-31816%29.2121793537.html

Related Vulnerabilities

CVE-2017-1013710.0

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that ar...

CVE-2017-1290510.0

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information ...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-2017-1129110.0

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists tha...