2018.8.10

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-18	CVE-2021-31820	Cleartext Storage of Sensitive Information vulnerability in Octopus Server In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI. network low complexity octopus CWE-312	7.5
2018-10-31	CVE-2018-18850	Unspecified vulnerability in Octopus Server In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM). network low complexity octopus	8.8