Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus octopus server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-1881
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.
Octopus Octopus Server
NA
CVE-2022-4008
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
Octopus Octopus Server
NA
CVE-2022-4009
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation
Octopus Octopus Server
NA
CVE-2022-4870
In affected versions of Octopus Deploy it is possible to discover network details via error message
Octopus Octopus Server
NA
CVE-2022-4898
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different ...
Octopus Octopus Server
NA
CVE-2022-3460
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
Octopus Octopus Server
NA
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked.
Octopus Octopus Server
NA
CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
Octopus Octopus Server
NA
CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.
Octopus Octopus Server
NA
CVE-2022-2528
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
Octopus Octopus Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »