Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus octopus deploy vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2019-8944
An Information Exposure issue in the Terraform deployment step in Octopus Deploy prior to 2019.1.8 (and prior to 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.
Octopus Octopus Deploy 2018.10.3
Octopus Octopus Deploy 2018.10.2
Octopus Octopus Deploy 2018.10.1
Octopus Octopus Deploy 2018.10.0
Octopus Octopus Deploy
Octopus Octopus Server
517
VMScore
CVE-2022-23184
In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.
Octopus Octopus Deploy
Octopus Octopus Server
490
VMScore
CVE-2019-11632
In Octopus Deploy 2019.1.0 up to and including 2019.3.1 and 2019.4.0 up to and including 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (...
Octopus Octopus Deploy
Octopus Octopus Server
392
VMScore
CVE-2021-26556
When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.
Octopus Octopus Deploy
Octopus Octopus Server
356
VMScore
CVE-2019-14525
In Octopus Deploy 2019.4.0 up to and including 2019.6.x prior to 2019.6.6, and 2019.7.x prior to 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call.
Octopus Octopus Deploy
Octopus Octopus Server
356
VMScore
CVE-2017-15610
An issue exists in Octopus prior to 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, incl...
Octopus Octopus Deploy
356
VMScore
CVE-2019-19084
In Octopus Deploy 3.3.0 up to and including 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details.
Octopus Octopus Deploy
578
VMScore
CVE-2018-4862
In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.
Octopus Octopus Deploy
356
VMScore
CVE-2018-9039
In Octopus Deploy 2.0 and later prior to 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.
Octopus Octopus Deploy
578
VMScore
CVE-2017-17665
In Octopus Deploy prior to 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.
Octopus Octopus Deploy
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »