Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus octopus deploy vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-10550
In Octopus Deploy prior to 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to.
Octopus Octopus Deploy
490
VMScore
CVE-2018-10581
In Octopus Deploy 3.4.x prior to 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belo...
Octopus Octopus Deploy
NA
CVE-2023-2247
In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function
Octopus Octopus Deploy
356
VMScore
CVE-2019-14268
In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The...
Octopus Octopus Deploy
356
VMScore
CVE-2018-9039
In Octopus Deploy 2.0 and later prior to 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.
Octopus Octopus Deploy
578
VMScore
CVE-2018-5706
An issue exists in Octopus Deploy prior to 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.
Octopus Octopus Deploy
578
VMScore
CVE-2020-10678
In Octopus Deploy prior to 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.
Octopus Octopus Deploy
356
VMScore
CVE-2019-19376
In Octopus Deploy prior to 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2...
Octopus Octopus Deploy
356
VMScore
CVE-2018-12884
In Octopus Deploy 3.0 onwards (prior to 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.
Octopus Octopus Deploy 3.0
561
VMScore
CVE-2017-11348
In Octopus Deploy 3.x prior to 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.
Octopus Octopus Deploy 3.6.0
Octopus Octopus Deploy 3.7.0
Octopus Octopus Server 3.0.6
Octopus Octopus Server 3.0.12
Octopus Octopus Server 3.0.4
Octopus Octopus Server 3.0.18
Octopus Octopus Server 3.0.13
Octopus Octopus Server 3.0.20
Octopus Octopus Server 3.0.19
Octopus Octopus Server 3.0.26
Octopus Octopus Server 3.0.1
Octopus Octopus Server 3.0.8
Octopus Octopus Server 3.0.10
Octopus Octopus Server 3.0.15
Octopus Octopus Server 3.0.17
Octopus Octopus Server 3.0.22
Octopus Octopus Server 3.0.11
Octopus Octopus Server 3.0.14
Octopus Octopus Server 3.0.25
Octopus Octopus Server 3.0.2
Octopus Octopus Server 3.0.3
Octopus Octopus Server 3.0.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »