CVE-2021-31821

EUVD-2021-18696
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Affected Products (NVD)
VendorProductVersion
octopustentacle
𝑥
< 6.1.1266
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://advisories.octopus.com/post/2022/sa2022-01/
https://advisories.octopus.com/post/2022/sa2022-01/