338 matches found
EUVD-2022-34319
Malicious code in bioql PyPI...
EUVD-2022-28274
Malicious code in bioql PyPI...
EUVD-2024-50281
Malicious code in bioql PyPI...
EUVD-2022-34962
Malicious code in bioql PyPI...
EUVD-2022-24956
Malicious code in bioql PyPI...
EUVD-2025-1734
Malicious code in bioql PyPI...
EUVD-2022-35023
Malicious code in bioql PyPI...
EUVD-2025-1728
Malicious code in bioql PyPI...
CVE-2024-7998
In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan...
CVE-2024-4456
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page...
CVE-2024-4226
It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed...
CVE-2024-4811
In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts...
CVE-2024-6972
In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text...
CVE-2023-1904
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server...
CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging...
CVE-2022-4898
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was take...
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...
CVE-2022-23184
In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects...
CVE-2022-2013
In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space...
CVE-2022-1670
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users...