Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

octopus deploy vulnerabilities and exploits

(subscribe to this query)
4
CVSSv2
CVE-2019-8944
An Information Exposure issue in the Terraform deployment step in Octopus Deploy prior to 2019.1.8 (and prior to 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.
Octopus Octopus Deploy 2018.10.3Octopus Octopus Deploy 2018.10.2Octopus Octopus Deploy 2018.10.1Octopus Octopus Deploy 2018.10.0Octopus Octopus DeployOctopus Octopus Server
4.4
CVSSv2
CVE-2021-26556
When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.
Octopus Octopus DeployOctopus Octopus Server
5.8
CVSSv2
CVE-2022-23184
In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.
Octopus Octopus DeployOctopus Octopus Server
5.5
CVSSv2
CVE-2019-11632
In Octopus Deploy 2019.1.0 up to and including 2019.3.1 and 2019.4.0 up to and including 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (...
Octopus Octopus DeployOctopus Octopus Server
4
CVSSv2
CVE-2019-14525
In Octopus Deploy 2019.4.0 up to and including 2019.6.x prior to 2019.6.6, and 2019.7.x prior to 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call.
Octopus Octopus DeployOctopus Octopus Server
NA
CVE-2023-2247
In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function
Octopus Octopus Deploy
4
CVSSv2
CVE-2017-15610
An issue exists in Octopus prior to 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, incl...
Octopus Octopus Deploy
3.5
CVSSv2
CVE-2017-16810
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote malicious users to inject arbitrary web script or HTML via the Variable Set Name parameter.
Octopus Octopus Deploy
6.5
CVSSv2
CVE-2018-4862
In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.
Octopus Octopus Deploy
5.8
CVSSv2
CVE-2020-26161
In Octopus Deploy up to and including 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.
Octopus Octopus Deploy
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook