Product: Octopus_server (Octopus)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 45
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-27 | CVE-2022-2508 | In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. | Octopus_server | 5.3 | | |
| 2022-10-27 | CVE-2022-2782 | In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. | Octopus_server | 9.1 | | |
| 2022-11-01 | CVE-2022-2572 | In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. | Octopus_server | 9.8 | | |
| 2023-02-22 | CVE-2022-2883 | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | Octopus_server | 7.5 | | |
| 2023-03-13 | CVE-2022-2259 | In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items | Octopus_server | 4.3 | | |
| 2023-03-13 | CVE-2022-2258 | In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items | Octopus_server | 4.3 | | |
| 2023-03-16 | CVE-2022-4009 | In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation | Octopus_server | 8.8 | | |
| 2023-04-19 | CVE-2022-2507 | In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage | Octopus_server | 5.3 | | |
| 2023-05-10 | CVE-2022-4008 | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | Octopus_server | 5.5 | | |
| 2023-05-18 | CVE-2022-4870 | In affected versions of Octopus Deploy it is possible to discover network details via error message | Octopus_server | 5.3 | | |