gsd-2021-31816
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
Aliases
Aliases
CVE-2021-31816


To clipboard 

{
  "GSD": {
    "alias": "CVE-2021-31816",
    "description": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.",
    "id": "GSD-2021-31816"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-31816"
      ],
      "details": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.",
      "id": "GSD-2021-31816",
      "modified": "2023-12-13T01:23:12.931592Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@octopus.com",
        "ID": "CVE-2021-31816",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Octopus Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003e=",
                          "version_value": "0.9"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "2020.6.5146"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "2021.1.7149"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "2021.1.7316"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Octopus Deploy"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cleartext Storage of Sensitive Information (Windows)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31816).2121793537.html",
            "refsource": "MISC",
            "url": "https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31816).2121793537.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:octopus:server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.7316",
                "versionStartIncluding": "2021.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:octopus:server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.6.5146",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@octopus.com",
          "ID": "CVE-2021-31816"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-312"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31816).2121793537.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31816).2121793537.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-07-27T17:20Z",
      "publishedDate": "2021-07-08T11:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.