gsd-2021-31816
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2021-31816", "description": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.", "id": "GSD-2021-31816" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-31816" ], "details": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.", "id": "GSD-2021-31816", "modified": "2023-12-13T01:23:12.931592Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@octopus.com", "ID": "CVE-2021-31816", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Octopus Server", "version": { "version_data": [ { "version_affected": "\u003e=", "version_value": "0.9" }, { "version_affected": "\u003c", "version_value": "2020.6.5146" }, { "version_affected": "\u003e=", "version_value": "2021.1.7149" }, { "version_affected": "\u003c", "version_value": "2021.1.7316" } ] } } ] }, "vendor_name": "Octopus Deploy" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cleartext Storage of Sensitive Information (Windows)" } ] } ] }, "references": { "reference_data": [ { "name": "https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31816).2121793537.html", "refsource": "MISC", "url": "https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31816).2121793537.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:octopus:server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2021.1.7316", "versionStartIncluding": "2021.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:octopus:server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2020.6.5146", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@octopus.com", "ID": "CVE-2021-31816" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-312" } ] } ] }, "references": { "reference_data": [ { "name": "https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31816).2121793537.html", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31816).2121793537.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2022-07-27T17:20Z", "publishedDate": "2021-07-08T11:15Z" } } }
Loading...