Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus octopus deploy vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-19376
In Octopus Deploy prior to 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2...
Octopus Octopus Deploy
4
CVSSv2
CVE-2017-15611
In Octopus prior to 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges.
Octopus Octopus Deploy
6.5
CVSSv2
CVE-2017-17665
In Octopus Deploy prior to 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.
Octopus Octopus Deploy
6.5
CVSSv2
CVE-2020-10678
In Octopus Deploy prior to 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.
Octopus Octopus Deploy
4
CVSSv2
CVE-2020-12286
In Octopus Deploy prior to 2019.12.9 and 2020 prior to 2020.1.12, the TaskView permission is not scoped to any dimension. For example, a scoped user who is scoped to only one tenant can view server tasks scoped to any other tenant.
Octopus Octopus Deploy
4.3
CVSSv2
CVE-2019-19375
In Octopus Deploy prior to 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8.)
Octopus Octopus Deploy
4.3
CVSSv2
CVE-2020-27155
An issue exists in Octopus Deploy up to and including 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one.
Octopus Octopus Deploy
6.5
CVSSv2
CVE-2018-4862
In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.
Octopus Octopus Deploy
5.5
CVSSv2
CVE-2018-10581
In Octopus Deploy 3.4.x prior to 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belo...
Octopus Octopus Deploy
4
CVSSv2
CVE-2020-14470
In Octopus Deploy 2018.8.0 up to and including 2019.x prior to 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password.
Octopus Octopus Deploy
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »