Filtered by vendor Octopus
Subscriptions
Total
87 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4898 | 1 Octopus | 1 Octopus Server | 2025-03-27 | 5.4 Medium |
| In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS | ||||
| CVE-2022-2883 | 1 Octopus | 1 Octopus Server | 2025-03-11 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | ||||
| CVE-2022-2259 | 1 Octopus | 1 Octopus Server | 2025-03-03 | 4.3 Medium |
| In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items | ||||
| CVE-2022-2258 | 1 Octopus | 1 Octopus Server | 2025-02-27 | 4.3 Medium |
| In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items | ||||
| CVE-2022-4009 | 1 Octopus | 1 Octopus Server | 2025-02-26 | 8.8 High |
| In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation | ||||
| CVE-2022-2507 | 1 Octopus | 1 Octopus Server | 2025-02-05 | 5.3 Medium |
| In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage | ||||
| CVE-2022-4008 | 1 Octopus | 1 Octopus Server | 2025-01-28 | 5.5 Medium |
| In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | ||||
| CVE-2022-4870 | 1 Octopus | 1 Octopus Server | 2025-01-21 | 5.3 Medium |
| In affected versions of Octopus Deploy it is possible to discover network details via error message | ||||
| CVE-2023-2247 | 1 Octopus | 1 Octopus Deploy | 2024-12-03 | 5.3 Medium |
| In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function | ||||
| CVE-2024-2975 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 8.8 High |
| A race condition was identified through which privilege escalation was possible in certain configurations. | ||||
| CVE-2023-4509 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 4.3 Medium |
| It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt. | ||||
| CVE-2023-1904 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 4.2 Medium |
| In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. | ||||
| CVE-2022-30532 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 5.3 Medium |
| In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. | ||||
| CVE-2022-2783 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 5.3 Medium |
| In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token | ||||
| CVE-2022-2781 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 5.3 Medium |
| In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. | ||||
| CVE-2022-2528 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 6.5 Medium |
| In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages. | ||||
| CVE-2022-2416 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 5.5 Medium |
| In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment. | ||||
| CVE-2022-2346 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 5.5 Medium |
| In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. | ||||
| CVE-2022-2075 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. | ||||
| CVE-2022-2074 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | ||||