Code injection
An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one...
CVE-2020-27155
An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one...
CVE-2020-27155
CVE-2020-27155 affects Octopus Deploy up to version 2020.4.4. The issue is that, if the websocket endpoint is enabled, an untrusted tentacle host can present itself as a trusted one, enabling impersonation. The available connected documents confirm the vulnerability description but do not provide...
Octopus Deploy Information Disclosure Vulnerability (CNVD-2020-59032)
Octopus Deploy is an automated deployment and release management tool. An information disclosure vulnerability exists in Octopus Deploy versions 3.1.0 through 2020.4.0. The vulnerability stems from certain scripts that display sensitive information to users in task logs. An attacker can exploit...
CVE-2020-25825
In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs...
Design/Logic Flaw
In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs...
CVE-2020-25825
CVE-2020-25825 affects Octopus Deploy versions 3.1.0 through 2020.4.0. The root cause is that certain scripts display sensitive information to users in task logs, causing information disclosure. Impact is information exposure to logged-in users, as described in CNVD-2020-59032 and corroborated by...
CVE-2020-13296
An issue has been discovered in GitLab affecting versions =10.7 =13.1.0 =13.2.0 13.2.6. Improper Access Control for Deploy Tokens...
CVE-2020-13322
A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens...
Improper access control
An issue has been discovered in GitLab affecting versions =10.7 =13.1.0 =13.2.0 13.2.6. Improper Access Control for Deploy Tokens...
Input validation
A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens...
UBUNTU-CVE-2020-13296
An issue has been discovered in GitLab affecting versions =10.7 =13.1.0 =13.2.0 13.2.6. Improper Access Control for Deploy Tokens...
UBUNTU-CVE-2020-13322
A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens...
CVE-2020-13322
Affected software: GitLab versions after 12.9. Vulnerability: Improper verification of permissions allows an unauthorized user to create and delete deploy tokens. The root cause is permission verification weakness in token management, enabling manipulation of deploy tokens by unauthenticated/insu...
CVE-2020-13322
Removed by vendor...