Octopus: >> Server >> 2020.5.353 Security Vulnerabilities
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-07-08
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-06-17