Octopus / Octopus Server

6 matches found

CVE
added 2024/09/30 11:15 p.m., 73 views

CVE-2024-9194

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection. This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3...

CVSS 9.8 | AI score 7.2 | EPSS 0.00304
CVE
added 2022/09/30 4:15 a.m., 48 views

CVE-2022-2778

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.

CVSS 9.8 | AI score 9.3 | EPSS 0.00058
CVE
added 2022/10/27 10:15 a.m., 37 views

CVE-2022-2782

In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.

CVSS 9.1 | AI score 9.1 | EPSS 0.00157
CVE
added 2018/05/21 2:29 p.m., 36 views

CVE-2018-11320

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.

CVSS 9.8 | AI score 9.3 | EPSS 0.00289
CVE
added 2022/11/01 2:15 a.m., 36 views

CVE-2022-2572

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked.

CVSS 9.8 | AI score 9.5 | EPSS 0.00245
CVE
added 2018/10/31 3:29 a.m., 32 views

CVE-2018-18850

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (fo...

CVSS 9 | AI score 8.5 | EPSS 0.03604