Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-24566
In Octopus Deploy 2020.3.x prior to 2020.3.4 and 2020.4.x prior to 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then (under certain circumstances) the account ...
Octopus Octopus Deploy
NA
CVE-2023-2247
In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function
Octopus Octopus Deploy
9
CVSSv2
CVE-2018-18850
In Octopus Deploy 2018.8.0 up to and including 2018.9.x prior to 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same ...
Octopus Octopus Server
4
CVSSv2
CVE-2020-12286
In Octopus Deploy prior to 2019.12.9 and 2020 prior to 2020.1.12, the TaskView permission is not scoped to any dimension. For example, a scoped user who is scoped to only one tenant can view server tasks scoped to any other tenant.
Octopus Octopus Deploy
NA
CVE-2023-1904
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.
Octopus Octopus Server
5
CVSSv2
CVE-2020-25825
In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs.
Octopus Octopus Deploy
NA
CVE-2022-4009
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation
Octopus Octopus Server
6.5
CVSSv2
CVE-2020-10678
In Octopus Deploy prior to 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.
Octopus Octopus Deploy
4.3
CVSSv2
CVE-2020-27155
An issue exists in Octopus Deploy up to and including 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one.
Octopus Octopus Deploy
4
CVSSv2
CVE-2019-15698
In Octopus Deploy 2019.7.3 up to and including 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10.
Octopus Octopus Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »