Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus octopus server vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-19085
A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 up to and including 2019.10.5 allows remote authenticated malicious users to inject arbitrary web script or HTML.
Octopus Server
445
VMScore
CVE-2021-31816
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
Octopus Server
312
VMScore
CVE-2022-1502
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.
Octopus Server
312
VMScore
CVE-2019-15507
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is f...
Octopus Server
445
VMScore
CVE-2021-31817
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
Octopus Server
356
VMScore
CVE-2021-31818
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...
Octopus Server
578
VMScore
CVE-2020-10678
In Octopus Deploy prior to 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.
Octopus Octopus Deploy
356
VMScore
CVE-2020-12286
In Octopus Deploy prior to 2019.12.9 and 2020 prior to 2020.1.12, the TaskView permission is not scoped to any dimension. For example, a scoped user who is scoped to only one tenant can view server tasks scoped to any other tenant.
Octopus Octopus Deploy
356
VMScore
CVE-2017-15610
An issue exists in Octopus prior to 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, incl...
Octopus Octopus Deploy
383
VMScore
CVE-2020-24566
In Octopus Deploy 2020.3.x prior to 2020.3.4 and 2020.4.x prior to 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then (under certain circumstances) the account ...
Octopus Octopus Deploy
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »