
Octopus Server password shown in plain text [CVE-2021-31820]

CVE number = CVE-2021-31820

In Octopus Server versions after 2018.8.2, if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.

The versions of Octopus Server affected by this vulnerability are:

  • All 2018.x.x versions after 2018.8.2
  • All 2019.x.x, 2020.1.x, 2020.2.x, 2020.3.x, 2020.4.x, 2020.5.x versions
  • All 2020.6.x versions before 2020.6.5310
  • All 2021.1.x versions before 2021.1.7622

Resolution

To address this vulnerability, we have released the following Octopus Server versions:

  • 2020.6.5310
  • 2021.1.7622

The latest versions of Octopus Deploy products can be downloaded from https://octopus.com/downloads and previous versions can be downloaded from https://octopus.com/downloads/previous
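For triaging an inventory against the ranges above, the following is an added example (not code from Octopus Deploy or from this advisory). It assumes versions are reported as plain `major.minor.patch` strings; the host names and the sample inventory are constructed for illustration.

```python
import re

# First fixed build per release line, as stated in the advisory.
FIXED = {(2020, 6): 5310, (2021, 1): 7622}
# The advisory says "after version 2018.8.2", so this is the last unaffected version.
LAST_UNAFFECTED = (2018, 8, 2)


def parse_version(text):
    """Parse 'major.minor.patch' into a tuple of ints (assumed format)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(text):
    """Return 'affected', 'fixed', 'not-affected' or 'not-listed' for CVE-2021-31820."""
    version = parse_version(text)
    major, minor, patch = version
    if version <= LAST_UNAFFECTED:
        return "not-affected"
    if (major, minor) in FIXED:
        # 2020.6.x and 2021.1.x are affected only below the fixed build.
        return "fixed" if patch >= FIXED[(major, minor)] else "affected"
    if major in (2018, 2019) or (major == 2020 and 1 <= minor <= 5):
        return "affected"
    # Release lines the advisory does not mention: check them manually.
    return "not-listed"


def triage(inventory):
    """Map each host to its status; unparseable versions are flagged, not dropped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparseable"
    return report


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "octo-prod": "2020.6.5309",
    "octo-stage": "2021.1.7622",
    "octo-legacy": "2018.8.2",
    "octo-lab": "2019.13.7",
    "octo-misc": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `affected` that use an authenticated Web Request Proxy are the ones where the password is exposed in the UI.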

Duncan

Duncan is a technology professional with over 20 years' experience working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
