Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus octopus server vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-11320
In Octopus Deploy 2018.4.4 up to and including 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.
Octopus Octopus Server
4.3
CVSSv3
CVE-2022-2416
In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.
Octopus Octopus Server
7.5
CVSSv3
CVE-2022-3460
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
Octopus Octopus Server
5.3
CVSSv3
CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
Octopus Octopus Server
5.3
CVSSv3
CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.
Octopus Octopus Server
7.5
CVSSv3
CVE-2022-1670
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users.
Octopus Octopus Server
4.3
CVSSv3
CVE-2019-15698
In Octopus Deploy 2019.7.3 up to and including 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10.
Octopus Octopus Server
7.5
CVSSv3
CVE-2018-12089
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set ...
Octopus Octopus Server
6.5
CVSSv3
CVE-2019-15508
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fi...
Octopus Server
Octopus Tentacle
4.3
CVSSv3
CVE-2022-1502
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.
Octopus Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »