CVE-2021-30183

{"id": "CVE-2021-30183", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-05-14T11:15:07.400", "references": [{"url": "https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html", "source": "cve@mitre.org"}, {"url": "https://github.com/OctopusDeploy/Issues", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext."}, {"lang": "es", "value": "Un almacenamiento de texto sin cifrar de informaci\u00f3n confidencial en m\u00faltiples versiones de Octopus Server, donde en determinadas situaciones cuando se ejecutan procesos de importaci\u00f3n o exportaci\u00f3n, la contrase\u00f1a usada para cifrar y descifrar valores confidenciales se escribir\u00eda en los registros en texto plano"}], "lastModified": "2023-11-07T03:33:00.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:octopus:server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88B56BBE-C48F-4663-A6D6-A8F954BE8B25", "versionEndExcluding": "2020.5.329"}, {"criteria": "cpe:2.3:a:octopus:server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0AFF858-5C68-44FD-B522-B53C568663BF", "versionEndExcluding": "2020.6.4847", "versionStartIncluding": "2020.6.0"}, {"criteria": "cpe:2.3:a:octopus:server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29680F0A-8423-4E16-B071-38FB838B1B66", "versionEndExcluding": "2021.1.6959", "versionStartIncluding": "2021.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}