2306 matches found
Octopus Deploy Information Disclosure Vulnerability (CNVD-2018-11359)
Octopus Deploy is an automation tool for the development and deployment of .NET, Java and other applications from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy versions 2018.5.1 through 2018.5.7. An attacker could use the vulnerability to view passwords...
Design/Logic Flaw
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is...
CVE-2018-12089
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is...
CVE-2018-12089
In Octopus Deploy versions 2018.5.1–2018.5.7, a user with Task View could view a Service Fabric Cluster password when the cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. Root cause: potential disclosure due...
Arbitrary Code Execution Through Object Deserialization
kubernetes-deploy is vulnerable to arbitrary code execution through object deserialization. The vulnerability exists due to the use of the unsafe YAML.load_file to read YAML files, which allows object deserialization to occur, causing the code execution flaw...
CVE-2018-18850
creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/octopusdeploydeploy.rb
2025-10-23 21:12:58+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
IBM UrbanCode Deploy Information Disclosure Vulnerability (CNVD-2018-10455)
IBM UrbanCode Deploy (UCD) is a set of application deployment automation tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...
Gitlab -- multiple vulnerabilities
GitLab reports: Removing public deploy keys regression; Users can update their password without entering current password; Persistent XSS - Selecting users as allowed merge request approvers; Persistent XSS - Multiple locations of user selection drop downs; include directive in .gitlab-ci.yml allows...
CVE-2017-1752
IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547...
Code injection
IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547...
CVE-2017-1752
CVE-2017-1752 affects IBM UrbanCode Deploy 6.1 (up to 6.1.3.8) and 6.2 (up to 6.2.7.0). The issue allows an authenticated privileged user to obtain highly sensitive information due to improper access controls in the deployment tool. Affected versions: IBM UrbanCode Deploy 6.1.x and 6.2.x. The rem...
Octopus Deploy Information Disclosure Vulnerability (CNVD-2018-10600)
Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy versions 2018.4.4 through 2018.5.1, which stems from the program's failure to obfuscate sensitive Octopus variables in the deployment log. An...
CVE-2018-11320
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...
Code injection
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...
CVE-2018-11320
CVE-2018-11320 affects Octopus Deploy installations running 2018.4.4–2018.5.1, where Octopus variables sourced from the target are not obfuscated in deployment logs. The connected Red Hat, CNVD, and NVD records corroborate the same vulnerable window and behavior. The core issue is exposure of sen...