Octopus Server Security Vulnerabilities and Issues — Page 2 of Octopus Server CVE List

Lucene search

OctopusOctopus Server

60 matches found

CVE•added 2023/05/10 6:15 a.m.•33 views

CVE-2022-4008

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

5.5CVSS5.5AI score0.00036EPSS

CVE•added 2018/10/31 3:29 a.m.•32 views

CVE-2018-18850

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (fo...

9CVSS8.5AI score0.03721EPSS

CVE•added 2019/05/01 2:29 p.m.•32 views

CVE-2019-11632

In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom U...

8.1CVSS7.8AI score0.00409EPSS

CVE•added 2023/08/02 6:15 a.m.•32 views

CVE-2022-2416

In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.

5.5CVSS4.6AI score0.00082EPSS

CVE•added 2023/01/31 4:15 a.m.•32 views

CVE-2022-4898

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken ...

5.4CVSS5.1AI score0.00036EPSS

CVE•added 2018/06/11 10:29 a.m.•30 views

CVE-2018-12089

In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fi...

7.5CVSS7.4AI score0.00347EPSS

CVE•added 2022/10/06 6:15 p.m.•30 views

CVE-2022-2781

In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.

5.3CVSS5.4AI score0.00116EPSS

CVE•added 2023/05/18 12:15 a.m.•26 views

CVE-2022-4870

In affected versions of Octopus Deploy it is possible to discover network details via error message

5.3CVSS5.3AI score0.00186EPSS

CVE•added 2023/12/14 8:15 a.m.•24 views

CVE-2023-1904

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

7.5CVSS5.8AI score0.00248EPSS

CVE•added 2024/04/09 1:15 a.m.•24 views

CVE-2024-2975

A race condition was identified through which privilege escalation was possible in certain configurations.

8.8CVSS7.1AI score0.00299EPSS

Total number of security vulnerabilities60