CVE-2021-31817
HIGHOctopus Server 2020.6.0-2020.6.5146 - Cleartext Storage of Sensitive Information in Log File
Title source: llmDescription
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://advisories.octopus.com/adv/2021-06---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-31817%29.2121138201.html
Scores
CVSS v3
7.5
EPSS
0.0086
EPSS Percentile
53.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (1)
octopus/server
2020.6.0 - 2020.6.5146
Published
Jul 08, 2021
Tracked Since
Feb 18, 2026