Octopus Deploy Security Vulnerabilities and Issues — Octopus Deploy CVE List

Lucene search

OctopusOctopus Deploy

5 matches found

CVE•added 2017/11/13 9:29 a.m.•38 views

CVE-2017-16801

Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter.

5.4CVSS5AI score0.0015EPSS

CVE•added 2018/05/01 1:29 p.m.•37 views

CVE-2018-10581

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple teams...

5.5CVSS5.4AI score0.00227EPSS

CVE•added 2019/11/28 5:15 p.m.•37 views

CVE-2019-19375

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8.)

5.3CVSS5.2AI score0.00167EPSS

CVE•added 2017/11/14 3:29 a.m.•32 views

CVE-2017-16810

Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter.

5.4CVSS5.3AI score0.0015EPSS

CVE•added 2023/05/02 5:15 a.m.•24 views

CVE-2023-2247

In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function

5.3CVSS5.3AI score0.0022EPSS