Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Octopus_server
(Octopus)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 45 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-16 | CVE-2022-4009 | In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation | Octopus_server | 8.8 | ||
| 2023-08-02 | CVE-2022-2346 | In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. | Octopus_server | 4.3 | ||
| 2023-08-02 | CVE-2022-2416 | In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment. | Octopus_server | 4.3 | ||
| 2023-05-18 | CVE-2022-4870 | In affected versions of Octopus Deploy it is possible to discover network details via error message | Octopus_server | 5.3 | ||
| 2023-05-10 | CVE-2022-4008 | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | Octopus_server | 5.5 | ||
| 2023-04-19 | CVE-2022-2507 | In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage | Octopus_server | 5.3 | ||
| 2023-01-03 | CVE-2022-3614 | In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation. | Octopus_server | 6.1 | ||
| 2023-02-22 | CVE-2022-2883 | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | Octopus_server | 7.5 | ||
| 2023-01-31 | CVE-2022-4898 | In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS | Octopus_server | 5.4 | ||
| 2022-11-25 | CVE-2022-2721 | In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled. | Octopus_server | 7.5 |