338 matches found
Octopus Server 安全漏洞
Octopus Server is an automated deployment platform. Octopus Server is vulnerable to a plaintext storage of sensitive information, which stems from database passwords being written in plaintext to the OctopusServer.txt log file. No detailed vulnerability details are currently available...
Octopus Server 安全漏洞
Octopus Server is an automated deployment platform. Octopus Server is vulnerable to a plaintext storage of sensitive information, which stems from database passwords being written in plaintext to the OctopusServer.txt log file. No detailed vulnerability details are currently available...
CVE-2021-31818
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...
CVE-2021-31818
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...
Sql injection
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...
CVE-2021-31818
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...
CVE-2021-31818
CVE-2021-31818 : Affected product is Octopus Server. The vulnerability is an authenticated SQL injection in the Events REST API caused by user-supplied data not being parameterised, allowing an attacker to access database tables. This is documented across multiple sources (NVD/Red Hat/CNNVD). Exp...
CVE-2021-30183
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext...
CVE-2021-30183
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext...
Code injection
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext...
CVE-2021-30183
The CVE-2021-30183 issue affects Octopus Server across multiple versions, where during import/export operations the password used to encrypt/decrypt sensitive values is written in plaintext to logs. Root cause is cleartext storage of sensitive information in log output. Public documents confirm t...
CVE-2021-30183
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext...
Octopus Server 安全漏洞
Octopus Deploy is an automation tool for .NET, Java, and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Server that stems from storing sensitive information in plaintext in multiple versions of Octopus Server, where in some...
CVE-2019-19085
A persistent cross-site scripting XSS vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML...
CVE-2019-19085
A persistent cross-site scripting XSS vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML...
CVE-2019-19085
A persistent cross-site scripting XSS vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML...
CVE-2019-19085
CVE-2019-19085 is a persistent XSS in Octopus Server (versions 3.4.0 through 2019.10.5). According to the provided documents, remote authenticated attackers could inject arbitrary web script/HTML. The sources do not specify exploitation status, affected product families beyond Octopus Server, or ...
CVE-2017-15610
An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the...