Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Octopus_server
(Octopus)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 45 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-08-25 | CVE-2020-16197 | An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation. | Octopus_server, Server | 4.3 | ||
| 2021-08-18 | CVE-2021-31820 | In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI. | Octopus_server | 7.5 | ||
| 2021-10-07 | CVE-2021-26556 | When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | Octopus_deploy, Octopus_server | 7.8 | ||
| 2022-02-07 | CVE-2022-23184 | In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects. | Octopus_deploy, Octopus_server | 6.1 | ||
| 2022-05-19 | CVE-2022-1670 | When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users. | Octopus_server | 7.5 | ||
| 2022-07-15 | CVE-2022-1881 | In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space. | Octopus_server | 5.3 | ||
| 2022-07-15 | CVE-2022-29890 | In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. | Octopus_server | 6.1 | ||
| 2022-07-19 | CVE-2022-30532 | In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. | Octopus_server | 5.3 | ||
| 2022-08-19 | CVE-2022-2074 | In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | Octopus_server | 7.5 | ||
| 2022-08-19 | CVE-2022-1901 | In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | Octopus_server | 5.3 |