Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked.
Octopus Octopus Server
7.5
CVSSv3
CVE-2022-3460
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
Octopus Octopus Server
6.5
CVSSv3
CVE-2019-19376
In Octopus Deploy prior to 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2...
Octopus Octopus Deploy
7.5
CVSSv3
CVE-2022-2883
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
Octopus Octopus Server
8.8
CVSSv3
CVE-2018-4862
In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.
Octopus Octopus Deploy
6.5
CVSSv3
CVE-2019-14268
In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The...
Octopus Octopus Deploy
4.3
CVSSv3
CVE-2022-2760
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.
Octopus Octopus Server
8.1
CVSSv3
CVE-2022-2780
In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack.
Octopus Octopus Server
5.3
CVSSv3
CVE-2022-2781
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.
Octopus Octopus Server
9.1
CVSSv3
CVE-2022-2782
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.
Octopus Octopus Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »