Security Bulletin: CVE-2019-17569, CVE-2020-1935 HTTP Request Smuggling if Tomcat was located behind a reverse proxy
Summary: In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a...
Octopus Deploy Input Validation Error Vulnerability
Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy versions prior to 2020.4.2 that allows an attacker to redirect users to an external site via a modified HTTP Host...
CVE-2020-26161
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header...
Design/Logic Flaw
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header...
CVE-2020-26161
CVE-2020-26161 affects Octopus Deploy up to version 2020.4.2. The vulnerability arises from a flaw where an attacker could cause a user to be redirected to an external site by supplying a modified HTTP Host header. Multiple connected sources corroborate this description (e.g., Red Hat, CNVD, NVD/...
CVE-2020-27155
An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one...
Code injection
An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one...
CVE-2020-27155
CVE-2020-27155 affects Octopus Deploy up to version 2020.4.4. The issue is that, if the websocket endpoint is enabled, an untrusted tentacle host can present itself as a trusted one, enabling impersonation. The available connected documents confirm the vulnerability description but do not provide...
Octopus Deploy Information Disclosure Vulnerability (CNVD-2020-59032)
Octopus Deploy is an automated deployment and release management tool. An information disclosure vulnerability exists in Octopus Deploy versions 3.1.0 through 2020.4.0. The vulnerability stems from certain scripts that display sensitive information to users in task logs. An attacker can exploit...
CVE-2020-25825
In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs...
Design/Logic Flaw
In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs...
CVE-2020-25825
CVE-2020-25825 affects Octopus Deploy versions 3.1.0 through 2020.4.0. The root cause is that certain scripts display sensitive information to users in task logs, causing information disclosure. Impact is information exposure to logged-in users, as described in CNVD-2020-59032 and corroborated by...
CVE-2020-13296
An issue has been discovered in GitLab affecting versions =10.7 =13.1.0 =13.2.0 13.2.6. Improper Access Control for Deploy Tokens...