CVE-2021-31820

EUVD-2021-18695
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
octopusoctopus_server
2018.8.2 <
𝑥
< 2020.6.5310
octopusoctopus_server
2021.1.0 ≤
𝑥
< 2021.1.7622
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://advisories.octopus.com/adv/2021-07---Proxy-Password-Stored-in-Plaintext-%28CVE-2021-31820%29.2193063986.html
https://advisories.octopus.com/adv/2021-07---Proxy-Password-Stored-in-Plaintext-%28CVE-2021-31820%29.2193063986.html