Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-19375
In Octopus Deploy prior to 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8.)
Octopus Octopus Deploy
4
CVSSv2
CVE-2019-19376
In Octopus Deploy prior to 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2...
Octopus Octopus Deploy
5
CVSSv2
CVE-2017-15609
Octopus prior to 3.17.7 allows malicious users to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.
Octopus Octopus Deploy
4
CVSSv2
CVE-2017-15611
In Octopus prior to 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges.
Octopus Octopus Deploy
NA
CVE-2023-1904
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.
Octopus Octopus Server
NA
CVE-2022-4870
In affected versions of Octopus Deploy it is possible to discover network details via error message
Octopus Octopus Server
NA
CVE-2022-4898
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different ...
Octopus Octopus Server
NA
CVE-2022-2720
In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work.
Octopus Octopus Server
5
CVSSv2
CVE-2022-1670
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users.
Octopus Octopus Server
3.5
CVSSv2
CVE-2017-16801
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter.
Octopus Octopus Deploy
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »