octopus vulnerabilities and exploits
4.3
CVSSv3
CVE-2021-31818
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...
Octopus Server
5.5
CVSSv3
CVE-2021-31821
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image.
Octopus Tentacle
7.8
CVSSv3
CVE-2021-31822
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access.
Octopus Tentacle
7.8
CVSSv3
CVE-2021-26557
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.
Octopus Tentacle
7.5
CVSSv3
CVE-2022-2075
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
Octopus Octopus Server
9.8
CVSSv3
CVE-2021-31819
In Halibut versions before 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.
Octopus Halibut
1 Github repository
7.5
CVSSv3
CVE-2021-31820
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.
Octopus Octopus Server
7.5
CVSSv3
CVE-2022-2074
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
Octopus Octopus Server
9.8
CVSSv3
CVE-2022-2778
In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.
Octopus Octopus Server
7.5
CVSSv3
CVE-2021-30183
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.
Octopus Server