Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus octopus deploy vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-5706
An issue exists in Octopus Deploy prior to 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.
Octopus Octopus Deploy
8.8
CVSSv3
CVE-2018-4862
In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.
Octopus Octopus Deploy
7.5
CVSSv3
CVE-2020-24566
In Octopus Deploy 2020.3.x prior to 2020.3.4 and 2020.4.x prior to 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then (under certain circumstances) the account ...
Octopus Octopus Deploy
6.5
CVSSv3
CVE-2018-9039
In Octopus Deploy 2.0 and later prior to 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.
Octopus Octopus Deploy
6.5
CVSSv3
CVE-2019-14268
In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The...
Octopus Octopus Deploy
6.5
CVSSv3
CVE-2019-19376
In Octopus Deploy prior to 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2...
Octopus Octopus Deploy
5.3
CVSSv3
CVE-2019-19375
In Octopus Deploy prior to 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8.)
Octopus Octopus Deploy
8.8
CVSSv3
CVE-2020-10678
In Octopus Deploy prior to 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.
Octopus Octopus Deploy
6.5
CVSSv3
CVE-2018-12884
In Octopus Deploy 3.0 onwards (prior to 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.
Octopus Octopus Deploy 3.0
5.7
CVSSv3
CVE-2017-11348
In Octopus Deploy 3.x prior to 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.
Octopus Octopus Deploy 3.6.0
Octopus Octopus Deploy 3.7.0
Octopus Octopus Server 3.0.6
Octopus Octopus Server 3.0.12
Octopus Octopus Server 3.0.4
Octopus Octopus Server 3.0.18
Octopus Octopus Server 3.0.13
Octopus Octopus Server 3.0.20
Octopus Octopus Server 3.0.19
Octopus Octopus Server 3.0.26
Octopus Octopus Server 3.0.1
Octopus Octopus Server 3.0.8
Octopus Octopus Server 3.0.10
Octopus Octopus Server 3.0.15
Octopus Octopus Server 3.0.17
Octopus Octopus Server 3.0.22
Octopus Octopus Server 3.0.11
Octopus Octopus Server 3.0.14
Octopus Octopus Server 3.0.25
Octopus Octopus Server 3.0.2
Octopus Octopus Server 3.0.3
Octopus Octopus Server 3.0.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »