Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2021-31818

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.

  • Published: Jun 17, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-31818
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
octopus / server 2020.0.0 2020.6.0
octopus / server 2020.6.0 2020.6.5146
octopus / server 2021.1.0 2021.1.7316
octopus / server 2018.9.17 2018.13.0