Lucene search
K

338 matches found

CNNVD
CNNVD
added 2021/07/08 12:0 a.m.6 views

Octopus Server 安全漏洞

Octopus Server is an automated deployment platform. Octopus Server is vulnerable to a plaintext storage of sensitive information, which stems from database passwords being written in plaintext to the OctopusServer.txt log file. No detailed vulnerability details are currently available...

7.5CVSS5.5AI score0.00858EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/08 12:0 a.m.7 views

Octopus Server 安全漏洞

Octopus Server is an automated deployment platform. Octopus Server is vulnerable to a plaintext storage of sensitive information, which stems from database passwords being written in plaintext to the OctopusServer.txt log file. No detailed vulnerability details are currently available...

7.5CVSS5.5AI score0.00858EPSS
Exploits0References1
OSV
OSV
added 2021/06/17 2:15 p.m.5 views

CVE-2021-31818

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...

4.3CVSS5.8AI score0.00622EPSS
Exploits0References1
NVD
NVD
added 2021/06/17 2:15 p.m.22 views

CVE-2021-31818

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...

4.3CVSS0.00622EPSS
Exploits0References1
Prion
Prion
added 2021/06/17 2:15 p.m.47 views

Sql injection

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...

4CVSS5.2AI score0.00622EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/06/17 1:22 p.m.26 views

CVE-2021-31818

Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...

5.5AI score0.00622EPSS
Exploits0References1
CVE
CVE
added 2021/06/17 1:22 p.m.43 views

CVE-2021-31818

CVE-2021-31818 : Affected product is Octopus Server. The vulnerability is an authenticated SQL injection in the Events REST API caused by user-supplied data not being parameterised, allowing an attacker to access database tables. This is documented across multiple sources (NVD/Red Hat/CNNVD). Exp...

4.3CVSS5.1AI score0.00622EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/05/14 11:15 a.m.6 views

CVE-2021-30183

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext...

7.5CVSS5.8AI score0.00866EPSS
Exploits0References2
NVD
NVD
added 2021/05/14 11:15 a.m.15 views

CVE-2021-30183

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext...

7.5CVSS0.00866EPSS
Exploits0References2
Prion
Prion
added 2021/05/14 11:15 a.m.38 views

Code injection

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext...

5CVSS7.5AI score0.00866EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/05/14 10:36 a.m.42 views

CVE-2021-30183

The CVE-2021-30183 issue affects Octopus Server across multiple versions, where during import/export operations the password used to encrypt/decrypt sensitive values is written in plaintext to logs. Root cause is cleartext storage of sensitive information in log output. Public documents confirm t...

7.5CVSS7.4AI score0.00866EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/05/14 10:36 a.m.18 views

CVE-2021-30183

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext...

7.7AI score0.00866EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/14 12:0 a.m.5 views

Octopus Server 安全漏洞

Octopus Deploy is an automation tool for .NET, Java, and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Server that stems from storing sensitive information in plaintext in multiple versions of Octopus Server, where in some...

7.5CVSS7.3AI score0.00866EPSS
Exploits0References3
NVD
NVD
added 2019/11/18 4:15 p.m.13 views

CVE-2019-19085

A persistent cross-site scripting XSS vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML...

5.4CVSS5.1AI score0.00615EPSS
Exploits0References1
OSV
OSV
added 2019/11/18 4:15 p.m.6 views

CVE-2019-19085

A persistent cross-site scripting XSS vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML...

5.4CVSS6.1AI score0.00615EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/18 3:36 p.m.18 views

CVE-2019-19085

A persistent cross-site scripting XSS vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML...

5.1AI score0.00615EPSS
Exploits0References1
CVE
CVE
added 2019/11/18 3:36 p.m.58 views

CVE-2019-19085

CVE-2019-19085 is a persistent XSS in Octopus Server (versions 3.4.0 through 2019.10.5). According to the provided documents, remote authenticated attackers could inject arbitrary web script/HTML. The sources do not specify exploitation status, affected product families beyond Octopus Server, or ...

5.4CVSS5AI score0.00615EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/10/19 8:29 a.m.3 views

CVE-2017-15610

An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the...

6.5CVSS5.8AI score0.006EPSS
Exploits0References1
Rows per page
Query Builder