2310 matches found

NVD
added 2018/01/03 9:29 a.m., 12 views

CVE-2018-4862

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges...

8.8 CVSS, 8.8 AI score, 0.01084 EPSS
Exploits 0, References 1
Cvelist
added 2018/01/03 9:0 a.m., 19 views

CVE-2018-4862

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges...

8.8 AI score, 0.01084 EPSS
Exploits 0, References 1
CVE
added 2018/01/03 9:0 a.m., 50 views

CVE-2018-4862

CVE-2018-4862 affects Octopus Deploy versions 3.2.11–4.1.5; fixed in 4.1.6. An authenticated user with ProcessEdit permission could reference an Azure account in a way that bypassed scoping restrictions, potentially enabling privilege escalation. The underlying cause is insufficient validation of...

8.8 CVSS, 8.6 AI score, 0.01084 EPSS
Exploits 0, References 1, Affected Software 1
CNVD
added 2017/12/15 12:0 a.m., 5 views

Octopus Deploy Security Bypass Vulnerability

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in versions of Octopus Deploy prior to 4.1.3 that stems from the device update process failing to check if a user has access to all environments. An attacker coul...

8.8 CVSS, 6.8 AI score, 0.01138 EPSS
Exploits 0, References 1
OpenVAS
added 2017/12/14 12:0 a.m., 31 views

Octopus Deploy Access Control Bypass Vulnerability

In Octopus Deploy, the machine update process doesn... CPE = "cpe:/a:octopus:octopusdeploy"; if...

8.8 CVSS, 8.9 AI score, 0.01138 EPSS
Exploits 0, References 1
OSV
added 2017/12/13 8:29 p.m., 2 views

CVE-2017-17665

In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access...

8.8 CVSS, 5.8 AI score, 0.01138 EPSS
Exploits 0, References 1
Prion
added 2017/12/13 8:29 p.m., 11 views

Improper access control

In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access...

6.5 CVSS, 8.6 AI score, 0.01138 EPSS
Exploits 0, References 1, Affected Software 1
NVD
added 2017/12/13 8:29 p.m., 15 views

CVE-2017-17665

In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access...

8.8 CVSS, 8.6 AI score, 0.01138 EPSS
Exploits 0, References 1
Cvelist
added 2017/12/13 8:0 p.m., 18 views

CVE-2017-17665

In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access...

8.7 AI score, 0.01138 EPSS
Exploits 0, References 1
CVE
added 2017/12/13 8:0 p.m., 42 views

CVE-2017-17665

Octopus Deploy prior to 4.1.3 is affected: the machine update process does not verify a user’s access to all environments, enabling an access‑control bypass by scoping a machine to environments the user cannot access. Vulnerable component: machine update process; root cause: missing environment‑l...

8.8 CVSS, 8.6 AI score, 0.01138 EPSS
Exploits 0, References 1, Affected Software 1
BDU FSTEC
added 2017/12/07 12:0 a.m., 3 views

The vulnerability of the software for automating the deployment of IBM UrbanCode Deploy (UCD) applications, related to lack of access control, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for automating the deployment of IBM UrbanCode Deploy (UCD) applications is related to lack of access control. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code on machines equipped with the UCD agent where client...

10 CVSS, 8.3 AI score, 0.02824 EPSS
Exploits 0, References 3, Affected Software 1
OpenVAS
added 2017/11/21 12:0 a.m., 17 views

Octopus Deploy Access Control Vulnerability

An issue was discovered in Octopus. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the private key...

6.5 CVSS, 6.6 AI score, 0.006 EPSS
Exploits 0, References 1
OpenVAS
added 2017/11/21 12:0 a.m., 24 views

Octopus Deploy XSS Vulnerability

Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter.

5.4 CVSS, 5.4 AI score, 0.00779 EPSS
Exploits 1, References 1
OpenVAS
added 2017/11/21 12:0 a.m., 22 views

Octopus Deploy Directory Traversal Vulnerability

In Octopus Deploy, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.

6.3 CVSS, 5.6 AI score, 0.01222 EPSS
Exploits 0, References 1
OpenVAS
added 2017/11/21 12:0 a.m., 27 views

Octopus Deploy Privilege Escalation Vulnerability

In Octopus, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges.

6.5 CVSS, 6.4 AI score, 0.00727 EPSS
Exploits 0, References 1
OpenVAS
added 2017/11/21 12:0 a.m., 18 views

Octopus Deploy Information Disclosure Vulnerability

Octopus allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.

7.5 CVSS, 7.3 AI score, 0.00806 EPSS
Exploits 0, References 1
OpenVAS
added 2017/11/21 12:0 a.m., 18 views

Octopus Deploy XSS Vulnerability

Cross-site scripting (XSS) vulnerability in Octopus Deploy allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter.

5.4 CVSS, 5.4 AI score, 0.00767 EPSS
Exploits 0, References 1
OpenVAS
added 2017/11/21 12:0 a.m., 15 views

Octopus Deploy Detection

Detection of Octopus Deploy. The script sends a connection request to the server and attempts to detect Octopus Deploy and extract its version.

7 AI score
Exploits 0, References 1
Prion
added 2017/11/14 3:29 a.m., 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter...

3.5 CVSS, 5.4 AI score, 0.00779 EPSS
Exploits 1, References 1, Affected Software 1
OSV
added 2017/11/14 3:29 a.m., 3 views

CVE-2017-16810

Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter...

5.4 CVSS, 5.9 AI score, 0.00779 EPSS
Exploits 1, References 1