Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-2783
In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token
Octopus Octopus Server
4
CVSSv2
CVE-2018-12884
In Octopus Deploy 3.0 onwards (prior to 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.
Octopus Octopus Deploy 3.0
3.5
CVSSv2
CVE-2019-15508
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fi...
Octopus Server
Octopus Tentacle
3.5
CVSSv2
CVE-2019-15507
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is f...
Octopus Server
5
CVSSv2
CVE-2021-31817
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
Octopus Server
2.1
CVSSv2
CVE-2021-31821
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image
Octopus Tentacle
NA
CVE-2022-30532
In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.
Octopus Octopus Server
10
CVSSv2
CVE-2021-31819
In Halibut versions before 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.
Octopus Halibut
1 Github repository
5
CVSSv2
CVE-2021-31816
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
Octopus Server
4
CVSSv2
CVE-2021-31818
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...
Octopus Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »