github - ghsa-cg8q-mvmc-qr6h

ghsa-cg8q-mvmc-qr6h

Vulnerability from github

Published

2022-05-24 19:07

Modified

2022-07-28 00:00

Severity

7.5 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-08T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.",
  "id": "GHSA-cg8q-mvmc-qr6h",
  "modified": "2022-07-28T00:00:45Z",
  "published": "2022-05-24T19:07:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31817"
    },
    {
      "type": "WEB",
      "url": "https://advisories.octopus.com/adv/2021-06---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31817).2121138201.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2021-31817

Vulnerability from cvelistv5

Published

2021-07-08 10:43

Modified

2024-08-03 23:10

Severity

Summary

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.

References

URL	Tags
https://advisories.octopus.com/adv/2021-06---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-31817%29.2121138201.html	x_refsource_MISC

Impacted products

Vendor	Product
Octopus Deploy	Octopus Server

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:10:30.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://advisories.octopus.com/adv/2021-06---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-31817%29.2121138201.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Octopus Server",
          "vendor": "Octopus Deploy",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "2020.6.4671",
              "versionType": "custom"
            },
            {
              "lessThan": "2020.6.5146",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "2021.1.7149",
              "versionType": "custom"
            },
            {
              "lessThan": "2021.1.7316",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cleartext Storage of Sensitive Information (Linux Container)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-08T10:43:40",
        "orgId": "6f4f8c89-ef06-4bae-a2a5-6734ddf76272",
        "shortName": "Octopus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://advisories.octopus.com/adv/2021-06---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-31817%29.2121138201.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@octopus.com",
          "ID": "CVE-2021-31817",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Octopus Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "2020.6.4671"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "2020.6.5146"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "2021.1.7149"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "2021.1.7316"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Octopus Deploy"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cleartext Storage of Sensitive Information (Linux Container)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://advisories.octopus.com/adv/2021-06---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31817).2121138201.html",
              "refsource": "MISC",
              "url": "https://advisories.octopus.com/adv/2021-06---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31817).2121138201.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6f4f8c89-ef06-4bae-a2a5-6734ddf76272",
    "assignerShortName": "Octopus",
    "cveId": "CVE-2021-31817",
    "datePublished": "2021-07-08T10:43:40",
    "dateReserved": "2021-04-26T00:00:00",
    "dateUpdated": "2024-08-03T23:10:30.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.