Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octopus vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2017-15609
Octopus prior to 3.17.7 allows malicious users to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.
Octopus Octopus Deploy
356
VMScore
CVE-2017-15611
In Octopus prior to 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges.
Octopus Octopus Deploy
445
VMScore
CVE-2018-10550
In Octopus Deploy prior to 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to.
Octopus Octopus Deploy
445
VMScore
CVE-2018-11320
In Octopus Deploy 2018.4.4 up to and including 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.
Octopus Octopus Server
356
VMScore
CVE-2017-15610
An issue exists in Octopus prior to 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, incl...
Octopus Octopus Deploy
516
VMScore
CVE-2020-26161
In Octopus Deploy up to and including 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.
Octopus Octopus Deploy
383
VMScore
CVE-2020-27155
An issue exists in Octopus Deploy up to and including 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one.
Octopus Octopus Deploy
383
VMScore
CVE-2019-19375
In Octopus Deploy prior to 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8.)
Octopus Octopus Deploy
NA
CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
Octopus Octopus Server
NA
CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.
Octopus Octopus Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »