Note: This project will be discontinued after December 13, 2021.
Product: Octopus_server (Octopus)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 45 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-12-14 | CVE-2023-1904 | In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. | Octopus_server | 7.5 | ||
2021-08-18 | CVE-2021-31820 | In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI. | Octopus_server | 7.5 | ||
2021-10-07 | CVE-2021-26556 | When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | Octopus_deploy, Octopus_server | 7.8 | ||
2022-08-19 | CVE-2022-1901 | In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | Octopus_server | 5.3 | ||
2022-09-30 | CVE-2022-2778 | In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | Octopus_server | 9.8 | ||
2022-10-06 | CVE-2022-2781 | In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. | Octopus_server | 5.3 | ||
2022-10-06 | CVE-2022-2783 | In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token. | Octopus_server | 5.3 | ||
2023-01-03 | CVE-2022-3460 | In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview. | Octopus_server | 7.5 | ||
2023-03-13 | CVE-2022-2258 | In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items. | Octopus_server | 4.3 | ||
2023-03-13 | CVE-2022-2259 | In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items. | Octopus_server | 4.3 | ||