Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-2346
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.
Octopus Octopus Server
NA
CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.
Octopus Octopus Server
NA
CVE-2022-2720
In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work.
Octopus Octopus Server
356
VMScore
CVE-2019-19376
In Octopus Deploy prior to 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2...
Octopus Octopus Deploy
383
VMScore
CVE-2019-19375
In Octopus Deploy prior to 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8.)
Octopus Octopus Deploy
NA
CVE-2022-3460
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
Octopus Octopus Server
NA
CVE-2022-2828
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability
Octopus Octopus Server
NA
CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
Octopus Octopus Server
NA
CVE-2023-1904
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.
Octopus Octopus Server
NA
CVE-2022-2528
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
Octopus Octopus Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »