Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2018-5706
An issue exists in Octopus Deploy prior to 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.
Octopus Octopus Deploy
5
CVSSv2
CVE-2018-10550
In Octopus Deploy prior to 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to.
Octopus Octopus Deploy
NA
CVE-2022-2781
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.
Octopus Octopus Server
NA
CVE-2023-2247
In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function
Octopus Octopus Deploy
NA
CVE-2022-2783
In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token
Octopus Octopus Server
4
CVSSv2
CVE-2020-14470
In Octopus Deploy 2018.8.0 up to and including 2019.x prior to 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password.
Octopus Octopus Deploy
NA
CVE-2022-2883
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
Octopus Octopus Server
NA
CVE-2022-3614
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation.
Octopus Octopus Server
5.5
CVSSv2
CVE-2018-10581
In Octopus Deploy 3.4.x prior to 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belo...
Octopus Octopus Deploy
5
CVSSv2
CVE-2018-11320
In Octopus Deploy 2018.4.4 up to and including 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.
Octopus Octopus Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »