Product: Octopus_server (Octopus)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 45
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-07-15 | CVE-2022-1881 | In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space. | Octopus_server | 5.3 | | |
| 2022-07-15 | CVE-2022-29890 | In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. | Octopus_server | 6.1 | | |
| 2022-07-19 | CVE-2022-30532 | In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. | Octopus_server | 5.3 | | |
| 2022-08-19 | CVE-2022-2074 | In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | Octopus_server | 7.5 | | |
| 2022-08-19 | CVE-2022-1901 | In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | Octopus_server | 5.3 | | |
| 2022-08-19 | CVE-2022-2049 | In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. | Octopus_server | 7.5 | | |
| 2022-08-19 | CVE-2022-2075 | In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. | Octopus_server | 7.5 | | |
| 2022-09-09 | CVE-2022-2528 | In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages. | Octopus_server | 6.5 | | |
| 2022-10-06 | CVE-2022-2781 | In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. | Octopus_server | 5.3 | | |
| 2022-10-06 | CVE-2022-2783 | In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token | Octopus_server | 5.3 | | |