Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus octopus deploy vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-8944
An Information Exposure issue in the Terraform deployment step in Octopus Deploy prior to 2019.1.8 (and prior to 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.
Octopus Octopus Deploy 2018.10.3
Octopus Octopus Deploy 2018.10.2
Octopus Octopus Deploy 2018.10.1
Octopus Octopus Deploy 2018.10.0
Octopus Octopus Deploy
Octopus Octopus Server
8.1
CVSSv3
CVE-2019-11632
In Octopus Deploy 2019.1.0 up to and including 2019.3.1 and 2019.4.0 up to and including 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (...
Octopus Octopus Deploy
Octopus Octopus Server
4.9
CVSSv3
CVE-2019-14525
In Octopus Deploy 2019.4.0 up to and including 2019.6.x prior to 2019.6.6, and 2019.7.x prior to 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call.
Octopus Octopus Deploy
Octopus Octopus Server
7.8
CVSSv3
CVE-2021-26556
When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.
Octopus Octopus Deploy
Octopus Octopus Server
6.1
CVSSv3
CVE-2022-23184
In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.
Octopus Octopus Deploy
Octopus Octopus Server
7.5
CVSSv3
CVE-2020-24566
In Octopus Deploy 2020.3.x prior to 2020.3.4 and 2020.4.x prior to 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then (under certain circumstances) the account ...
Octopus Octopus Deploy
4.3
CVSSv3
CVE-2020-12286
In Octopus Deploy prior to 2019.12.9 and 2020 prior to 2020.1.12, the TaskView permission is not scoped to any dimension. For example, a scoped user who is scoped to only one tenant can view server tasks scoped to any other tenant.
Octopus Octopus Deploy
6.1
CVSSv3
CVE-2020-26161
In Octopus Deploy up to and including 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.
Octopus Octopus Deploy
5.4
CVSSv3
CVE-2017-16801
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter.
Octopus Octopus Deploy
5.4
CVSSv3
CVE-2017-16810
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote malicious users to inject arbitrary web script or HTML via the Variable Set Name parameter.
Octopus Octopus Deploy
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »