Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-31820
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.
Octopus Octopus Server
4.6
CVSSv2
CVE-2021-31822
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access.
Octopus Tentacle
5
CVSSv2
CVE-2021-30183
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.
Octopus Server
NA
CVE-2022-2049
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
Octopus Octopus Server
NA
CVE-2022-2074
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
Octopus Octopus Server
NA
CVE-2022-2075
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
Octopus Octopus Server
4.4
CVSSv2
CVE-2021-26557
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.
Octopus Tentacle
4.3
CVSSv2
CVE-2022-2013
In Octopus Server after version 2022.1.1495 and prior to 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.
Octopus Octopus Deploy
3.5
CVSSv2
CVE-2022-1502
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.
Octopus Server
2.1
CVSSv2
CVE-2021-21270
OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and previous versions a customer API key used to connect to Octopus Server is exposed via logging in plaintext...
Octopus Octopusdsc
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »