Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus octopus server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-2049
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
Octopus Octopus Server
NA
CVE-2022-2528
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
Octopus Octopus Server
NA
CVE-2022-4008
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
Octopus Octopus Server
NA
CVE-2022-4870
In affected versions of Octopus Deploy it is possible to discover network details via error message
Octopus Octopus Server
NA
CVE-2022-4898
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different ...
Octopus Octopus Server
312
VMScore
CVE-2019-15508
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fi...
Octopus Server
Octopus Tentacle
445
VMScore
CVE-2021-30183
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.
Octopus Server
312
VMScore
CVE-2019-15507
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is f...
Octopus Server
445
VMScore
CVE-2021-31817
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
Octopus Server
356
VMScore
CVE-2021-31818
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...
Octopus Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »