In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.
References
Configurations
Configuration 1 (hide)
AND |
|
History
25 Aug 2021, 18:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-312 | |
References | (MISC) https://advisories.octopus.com/adv/2021-07---Proxy-Password-Stored-in-Plaintext-(CVE-2021-31820).2193063986.html - Vendor Advisory |
18 Aug 2021, 11:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-18 11:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-31820
Mitre link : CVE-2021-31820
CVE.ORG link : CVE-2021-31820
JSON object : View
Products Affected
microsoft
- windows
linux
- linux_kernel
octopus
- octopus_server
CWE
CWE-312
Cleartext Storage of Sensitive Information