Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-10678
In Octopus Deploy prior to 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.
Octopus Octopus Deploy
5.3
CVSSv3
CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
Octopus Octopus Server
4.3
CVSSv3
CVE-2022-2416
In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.
Octopus Octopus Server
6.5
CVSSv3
CVE-2020-14470
In Octopus Deploy 2018.8.0 up to and including 2019.x prior to 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password.
Octopus Octopus Deploy
6.5
CVSSv3
CVE-2022-2528
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
Octopus Octopus Server
7.5
CVSSv3
CVE-2017-15609
Octopus prior to 3.17.7 allows malicious users to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.
Octopus Octopus Deploy
6.5
CVSSv3
CVE-2017-15610
An issue exists in Octopus prior to 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, incl...
Octopus Octopus Deploy
6.5
CVSSv3
CVE-2017-15611
In Octopus prior to 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges.
Octopus Octopus Deploy
6.5
CVSSv3
CVE-2019-19376
In Octopus Deploy prior to 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2...
Octopus Octopus Deploy
5.3
CVSSv3
CVE-2022-2781
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.
Octopus Octopus Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »