43 matches found
CVE-2021-31822
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access...
CVE-2021-31821
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
EUVD-2019-6496
Malware in sbrugna...
EUVD-2021-18696
Malware in sbrugna...
CVE-2021-36711
WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled...
CVE-2021-26557
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...
CVE-2020-27155
An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one...
CVE-2019-15508
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user in certain limited OctopusPrintVariables circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The f...
CVE-2022-38130
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...
CVE-2022-38130
CVE-2022-38130 affects Keysight SMS (com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip). An unauthenticated, remote attacker can supply an UNC path to a zipped HSQLDB database, causing the database content to be restored and potentially enabling remote code execution as described...
OctoBot WebInterface 0.4.3 - Remote Code Execution Exploit
Exploit Title: OctoBot WebInterface 0.4.3 - Remote Code Execution RCE Exploit Author: Samy Younsi, Thomas Knudsen Vendor Homepage: https://www.octobot.online/ Software Link: https://github.com/Drakkar-Software/OctoBot Version: 0.4.0beta3 - 0.4.3 Tested on: Linux Ubuntu, CentOs CVE : CVE-2021-3671...
OctoBot 代码问题漏洞
OctoBot is a powerful and fully modular open source cryptocurrency trading bot from the OctoBot community. A security vulnerability exists in OctoBot Tentacle versions 0.4.0beta3 through 0.4.3, which stems from a security flaw in the Tentacle Upload feature...
CVE-2021-31821
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
CVE-2021-31821
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
Design/Logic Flaw
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
CVE-2021-31821
CVE-2021-31821 affects the Windows Tentacle docker image; on startup it logs commands and arguments, exposing the Octopus Server API key in plaintext. Linux Docker image is not affected. CVSS data indicate Confidentiality Impact HIGH (3.1; base 5.5) and Local, Low complexity access. No remediatio...
CVE-2021-31821
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
Octopus Server 信息泄露漏洞
Octopus Server is an automated deployment platform. An information disclosure vulnerability exists in Octopus Server that stems from the fact that when a Windows Tentacle docker image is started, it logs all the commands that it runs as well as the parameters that are written in plaintext to the...
CVE-2021-31822
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access...
CVE-2021-31822
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access...