Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus octopus server vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-4870
In affected versions of Octopus Deploy it is possible to discover network details via error message
Octopus Octopus Server
4.3
CVSSv3
CVE-2022-2346
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.
Octopus Octopus Server
4.3
CVSSv3
CVE-2022-2416
In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.
Octopus Octopus Server
9.8
CVSSv3
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked.
Octopus Octopus Server
5.3
CVSSv3
CVE-2022-2720
In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work.
Octopus Octopus Server
4.3
CVSSv3
CVE-2022-2760
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.
Octopus Octopus Server
5.3
CVSSv3
CVE-2022-2783
In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token
Octopus Octopus Server
9.8
CVSSv3
CVE-2018-11320
In Octopus Deploy 2018.4.4 up to and including 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.
Octopus Octopus Server
7.5
CVSSv3
CVE-2022-3460
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
Octopus Octopus Server
6.1
CVSSv3
CVE-2022-3614
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation.
Octopus Octopus Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »