CVE-2021-30183

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
octopusserver
𝑥
< 2020.5.329
octopusserver
2020.6.0 ≤
𝑥
< 2020.6.4847
octopusserver
2021.1.0 ≤
𝑥
< 2021.1.6959
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html
https://github.com/OctopusDeploy/Issues
https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html
https://github.com/OctopusDeploy/Issues