Lucene search
K

479 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:32 a.m.8 views

CVE-2019-14268

In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user in certain limited circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-porte...

6.5CVSS6.8AI score0.01083EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:31 a.m.9 views

CVE-2019-14525

In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call...

4.9CVSS6.6AI score0.01528EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/12 5:43 a.m.18 views

CVE-2025-0539

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself...

8.8CVSS7.2AI score0.0034EPSS
Exploits0References1
NVD
NVD
added 2025/04/10 6:15 a.m.16 views

CVE-2025-0539

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself...

8.8CVSS0.0034EPSS
Exploits0References1
OSV
OSV
added 2025/04/10 6:15 a.m.3 views

CVE-2025-0539

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself...

8.8CVSS5.8AI score0.0034EPSS
Exploits0References1
CVE
CVE
added 2025/04/10 5:20 a.m.74 views

CVE-2025-0539

CVE-2025-0539 affects Octopus Deploy on Windows where the server can be coerced into issuing server-side requests that include authentication material. The underlying impact is that a suitably positioned attacker could compromise the account running the Octopus Server and potentially affect the h...

8.8CVSS7AI score0.0034EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/10 5:20 a.m.8 views

CVE-2025-0539

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself...

5.9CVSS7AI score0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/10 5:20 a.m.20 views

CVE-2025-0539

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself...

5.9CVSS0.0034EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.13 views

PT-2025-15911 · Octopus Deploy · Octopus Deploy

Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows an attacker to coerce the server into sending server-side requests that contain authentication material, potentially compromising the account running Octopus Server...

8.8CVSS6.2AI score0.0034EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/10 12:0 a.m.6 views

Octopus Deploy 安全漏洞

Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Australia. A security vulnerability exists in Octopus Deploy that stems from the fact that the server can be induced to send requests containing authentication material, which could...

8.8CVSS6.9AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/13 12:39 p.m.5 views

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

5.4CVSS6.8AI score0.00337EPSS
Exploits0References1
OSV
OSV
added 2025/02/11 11:15 a.m.3 views

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

5.4CVSS5.8AI score0.00337EPSS
Exploits0References2
NVD
NVD
added 2025/02/11 11:15 a.m.7 views

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

5.4CVSS0.00337EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/11 10:9 a.m.4 views

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

2.3CVSS7.7AI score0.00337EPSS
Exploits0References1
CVE
CVE
added 2025/02/11 10:9 a.m.87 views

CVE-2025-0526

CVE-2025-0526 affects Octopus Deploy. The issue arises from a lack of input validation in an API endpoint that permits uploading files to unexpected locations on the host, potentially enabling circumvention of intended workflows. Connected sources confirm the vulnerability description across mult...

5.4CVSS7.5AI score0.00337EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/02/11 10:9 a.m.14 views

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

2.3CVSS0.00337EPSS
Exploits0References1
OSV
OSV
added 2025/02/11 9:15 a.m.4 views

CVE-2025-0589

In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly...

5.3CVSS5.8AI score0.00357EPSS
Exploits0References1
NVD
NVD
added 2025/02/11 9:15 a.m.6 views

CVE-2025-0589

In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly...

6.9CVSS0.00357EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/11 8:59 a.m.7 views

CVE-2025-0589

In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly...

6.9CVSS6.8AI score0.00357EPSS
Exploits0References1
CVE
CVE
added 2025/02/11 8:59 a.m.86 views

CVE-2025-0589

CVE-2025-0589 affects Octopus Deploy when using Active Directory for authentication. An unauthenticated actor can issue API requests to two endpoints and retrieve data from the associated AD: one endpoint returns user profile details (Email address/UPN and Display name); the other returns group i...

6.9CVSS6.6AI score0.00357EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder