In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.
References
Configurations
Configuration 1 (hide)
AND |
|
History
07 Nov 2023, 03:35
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
25 Aug 2021, 18:20
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
|
CWE | CWE-312 | |
References | (MISC) https://advisories.octopus.com/adv/2021-07---Proxy-Password-Stored-in-Plaintext-(CVE-2021-31820).2193063986.html - Vendor Advisory |
18 Aug 2021, 11:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-18 11:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-31820
Mitre link : CVE-2021-31820
CVE.ORG link : CVE-2021-31820
JSON object : View
Products Affected
linux
- linux_kernel
microsoft
- windows
octopus
- octopus_server
CWE
CWE-312
Cleartext Storage of Sensitive Information