CVE-2021-31822: 
Octopus Deploy Tentacle (Agent) vulnerability analysis and mitigation

When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This vulnerability (CVE-2021-31822) was disclosed on November 24, 2021, affecting Octopus Tentacle versions from 3.15.4 up to (excluding) 6.1.1116. The vulnerability could allow a local unprivileged user to modify the contents of the systemd service file to gain privileged access (NVD).

The vulnerability stems from incorrect default permissions in the systemd service file configuration. It has been assigned CWE-276 (Incorrect Default Permissions). The vulnerability has received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access, low complexity, low privileges required, no user interaction, and high impacts on confidentiality, integrity, and availability (NVD).

A successful exploitation of this vulnerability could allow a local unprivileged user to gain elevated privileges on the affected system by modifying the systemd service file. This could lead to complete system compromise with high impacts on confidentiality, integrity, and availability (NVD).

The vulnerability has been fixed in Octopus Tentacle version 6.1.1116. Users are advised to upgrade to this version or later to address the vulnerability (NVD).