Lucene search
K

338 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:48 p.m.10 views

CVE-2022-29890

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link...

6.1CVSS6.3AI score0.0039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:41 p.m.7 views

CVE-2022-2828

In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference IDOR vulnerability...

6.5CVSS6.6AI score0.00528EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:39 p.m.14 views

CVE-2022-2721

In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled...

7.5CVSS6.7AI score0.0056EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:39 p.m.8 views

CVE-2022-2783

In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token...

5.3CVSS7AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:38 p.m.19 views

CVE-2022-2781

In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables...

5.3CVSS7AI score0.00182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:38 p.m.16 views

CVE-2022-2782

In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters...

9.1CVSS6.9AI score0.0053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:36 p.m.19 views

CVE-2022-2720

In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work...

5.3CVSS6.8AI score0.0045EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:19 p.m.10 views

CVE-2022-1881

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space...

5.3CVSS6.8AI score0.00471EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:54 p.m.15 views

CVE-2022-2780

In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack...

8.1CVSS6.9AI score0.0051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:26 p.m.10 views

CVE-2021-30183

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext...

7.5CVSS6.7AI score0.00866EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:40 p.m.4 views

CVE-2021-26556

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...

7.8CVSS7.1AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:43 p.m.11 views

CVE-2021-31816

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext...

7.5CVSS7.7AI score0.00858EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.5 views

CVE-2019-19085

A persistent cross-site scripting XSS vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML...

5.4CVSS5.5AI score0.00615EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/13 12:39 p.m.5 views

CVE-2025-0525

In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may aid in further attacks against the server...

7.5CVSS6.4AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/13 12:39 p.m.6 views

CVE-2025-0588

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user could ensure that all subsequent server responses would return 500 errors rendering the site mostly...

5.9CVSS6.6AI score0.0039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/13 12:38 p.m.5 views

CVE-2025-0513

In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message...

5.4CVSS7.1AI score0.00225EPSS
Exploits0References1
NVD
NVD
added 2025/02/11 12:15 p.m.5 views

CVE-2025-0588

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user could ensure that all subsequent server responses would return 500 errors rendering the site mostly...

5.9CVSS0.0039EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/11 11:22 a.m.7 views

CVE-2025-0588

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user could ensure that all subsequent server responses would return 500 errors rendering the site mostly...

5.9CVSS6.5AI score0.0039EPSS
Exploits0References1
CVE
CVE
added 2025/02/11 11:22 a.m.64 views

CVE-2025-0588

CVE-2025-0588 affects Octopus Server. A user with sufficient access could send crafted referrer headers to enable setting custom headers in all server responses, causing subsequent responses to return 500 errors and rendering the site largely unusable. This creates a denial-of-service state that ...

5.9CVSS6.3AI score0.0039EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/02/11 11:22 a.m.10 views

CVE-2025-0588

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user could ensure that all subsequent server responses would return 500 errors rendering the site mostly...

5.9CVSS0.0039EPSS
Exploits0References1
Rows per page
Query Builder