Octopus Server Security Vulnerabilities and Issues — Octopus Server CVE List

Lucene search

OctopusOctopus Server

4 matches found

CVE•added 2019/08/27 5:15 p.m.•90 views

CVE-2019-15698

In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10.

4.3CVSS4.4AI score0.00284EPSS

CVE•added 2019/02/20 3:29 a.m.•41 views

CVE-2019-8944

An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.

6.5CVSS6.1AI score0.00385EPSS

CVE•added 2019/08/05 12:15 p.m.•40 views

CVE-2019-14525

In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call.

4.9CVSS5AI score0.00461EPSS

CVE•added 2019/05/01 2:29 p.m.•32 views

CVE-2019-11632

In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom U...

8.1CVSS7.8AI score0.00409EPSS