CVE-2021-30183
 
Severity Score: 7.5 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Cleartext storage of sensitive information in multiple versions of Octopus Server: in certain situations, when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.
*Credits:
N/A
Timeline
- 2021-04-07 CVE Reserved
- 2021-05-14 CVE Published
- 2024-01-28 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-312: Cleartext Storage of Sensitive Information
References (2)
URL | Tag | Source |
---|---|---|
https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html | X_refsource_misc | |
https://github.com/OctopusDeploy/Issues | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Octopus | Server | < 2020.5.329 | - | Affected |
Octopus | Server | >= 2020.6.0 < 2020.6.4847 | - | Affected |
Octopus | Server | >= 2021.1.0 < 2021.1.6959 | - | Affected |