Strix
26.1K

CVE-2021-30183

HIGHCVSS 7.5/10EPSS 0.87%

Last modified

CVE-2021-30183 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.. EPSS estimates a 0.87% chance of exploitation in the next 30 days.

Description

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.87%

54.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
OctopusServer< 2020.5.329
OctopusServer>= 2020.6.0, < 2020.6.4847
OctopusServer>= 2021.1.0, < 2021.1.6959

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-30183?
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.
How severe is CVE-2021-30183?
CVE-2021-30183 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.87% probability of exploitation in the next 30 days.
How do I fix CVE-2021-30183?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-30183?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST