20 matches found
CVE-2021-31822
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access...
EUVD-2019-6496
Malware in sbrugna...
CVE-2021-26557
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...
CVE-2019-15508
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user in certain limited OctopusPrintVariables circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The f...
CVE-2021-31822
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access...
CVE-2021-31822
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access...
Code injection
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access...
CVE-2021-31822
CVE-2021-31822 affects Octopus Tentacle on Linux where the systemd service file permissions are misconfigured. The underlying issue allows a local unprivileged user to modify the systemd service file, enabling privilege escalation. Public references (NVD, Red Hat, OSV, CNNVD, etc.) describe this ...
CVE-2021-31822
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access...
Octopus Server 配置错误漏洞
Octopus Server is an automated deployment platform. A misconfiguration vulnerability exists in Octopus Tentacle that stems from a misconfiguration of the product's systemd file on Linux systems. An attacker could gain privileged access by modifying the systemd file. The following products and...
CVE-2021-26557
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...
Design/Logic Flaw
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...
CVE-2021-26557
CVE-2021-26557 affects Octopus Tentacle when installed to a custom folder where folder ACLs are not set correctly. This misconfiguration can allow an unprivileged user to use DLL side-loading to gain privileged access, resulting in a local privilege escalation. The NVD data cites local attack vec...
CVE-2021-26557
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...
Octopus Tentacle 代码问题漏洞
Octopus Server is an automated deployment platform. Octopus Tentacle has a security vulnerability that could result in unprivileged users gaining privileged access when Octopus Tentacle is installed using a custom folder location...
CVE-2019-15508
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user in certain limited OctopusPrintVariables circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The f...
CVE-2019-15508
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user in certain limited OctopusPrintVariables circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The f...
Cross site request forgery (csrf)
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user in certain limited OctopusPrintVariables circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The f...
CVE-2019-15508
In Octopus Tentacle, versions 3.0.8 through 5.0.0 are affected. When a web request proxy is configured, an authenticated user (under certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. The i...
CVE-2019-15508
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user in certain limited OctopusPrintVariables circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The f...