Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-2783
In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token
Octopus Octopus Server
6.5
CVSSv3
CVE-2019-15508
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fi...
Octopus Server
Octopus Tentacle
6.5
CVSSv3
CVE-2018-12884
In Octopus Deploy 3.0 onwards (prior to 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.
Octopus Octopus Deploy 3.0
7.5
CVSSv3
CVE-2022-2013
In Octopus Server after version 2022.1.1495 and prior to 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.
Octopus Octopus Deploy
5.3
CVSSv3
CVE-2022-1901
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.
Octopus Octopus Server
7.5
CVSSv3
CVE-2022-2074
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
Octopus Octopus Server
6.5
CVSSv3
CVE-2019-15507
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is f...
Octopus Server
7.5
CVSSv3
CVE-2022-2075
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
Octopus Octopus Server
7.5
CVSSv3
CVE-2021-31816
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
Octopus Server
7.5
CVSSv3
CVE-2021-31817
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
Octopus Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »