Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-24566
In Octopus Deploy 2020.3.x prior to 2020.3.4 and 2020.4.x prior to 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then (under certain circumstances) the account ...
Octopus Octopus Deploy
4.3
CVSSv3
CVE-2020-12286
In Octopus Deploy prior to 2019.12.9 and 2020 prior to 2020.1.12, the TaskView permission is not scoped to any dimension. For example, a scoped user who is scoped to only one tenant can view server tasks scoped to any other tenant.
Octopus Octopus Deploy
9.8
CVSSv3
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked.
Octopus Octopus Server
6.1
CVSSv3
CVE-2020-26161
In Octopus Deploy up to and including 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.
Octopus Octopus Deploy
5.4
CVSSv3
CVE-2017-16801
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter.
Octopus Octopus Deploy
5.4
CVSSv3
CVE-2017-16810
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote malicious users to inject arbitrary web script or HTML via the Variable Set Name parameter.
Octopus Octopus Deploy
7.5
CVSSv3
CVE-2022-3460
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
Octopus Octopus Server
6.5
CVSSv3
CVE-2022-2528
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
Octopus Octopus Server
5.3
CVSSv3
CVE-2023-2247
In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function
Octopus Octopus Deploy
4.3
CVSSv3
CVE-2022-2346
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.
Octopus Octopus Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »