Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4456
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.
NA
CVE-2024-4226
It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
NA
CVE-2024-0890
A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has ...
Hongmaple Octopus 1.0
NA
CVE-2024-0891
A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input <script>alert(document.cookie)</script> leads to cross site...
Hongmaple Octopus 1.0
NA
CVE-2024-0784
A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the argument dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has ...
Hongmaple Octopus 1.0
NA
CVE-2023-1904
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.
Octopus Octopus Server
NA
CVE-2022-2416
In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.
Octopus Octopus Server
NA
CVE-2022-2346
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.
Octopus Octopus Server
NA
CVE-2022-4870
In affected versions of Octopus Deploy it is possible to discover network details via error message
Octopus Octopus Server
NA
CVE-2022-4008
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
Octopus Octopus Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »