Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-27155
An issue exists in Octopus Deploy up to and including 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one.
Octopus Octopus Deploy
4
CVSSv2
CVE-2018-12884
In Octopus Deploy 3.0 onwards (prior to 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.
Octopus Octopus Deploy 3.0
3.5
CVSSv2
CVE-2019-15508
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fi...
Octopus Server
Octopus Tentacle
4.3
CVSSv2
CVE-2022-2013
In Octopus Server after version 2022.1.1495 and prior to 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.
Octopus Octopus Deploy
NA
CVE-2022-1901
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.
Octopus Octopus Server
NA
CVE-2022-2074
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
Octopus Octopus Server
NA
CVE-2022-2075
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
Octopus Octopus Server
NA
CVE-2022-30532
In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.
Octopus Octopus Server
NA
CVE-2022-2049
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
Octopus Octopus Server
3.5
CVSSv2
CVE-2022-1502
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.
Octopus Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »