Octopus Server Security Vulnerabilities and Issues — Octopus Server CVE List

Lucene search

OctopusOctopus Server

13 matches found

CVE•added 2023/03/16 4:15 a.m.•50 views

CVE-2022-4009

In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation

8.8CVSS8.6AI score0.00377EPSS

CVE•added 2023/01/03 12:15 a.m.•48 views

CVE-2022-3460

In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.

7.5CVSS7.4AI score0.00316EPSS

CVE•added 2023/03/13 5:15 a.m.•44 views

CVE-2022-2259

In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items

4.3CVSS4.6AI score0.00096EPSS

CVE•added 2023/01/03 2:15 a.m.•38 views

CVE-2022-3614

In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation.

6.1CVSS6.5AI score0.00083EPSS

CVE•added 2023/02/22 1:15 a.m.•37 views

CVE-2022-2883

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

7.5CVSS7.4AI score0.00189EPSS

CVE•added 2023/04/19 8:15 a.m.•36 views

CVE-2022-2507

In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage

5.3CVSS5.3AI score0.00246EPSS

CVE•added 2023/03/13 5:15 a.m.•34 views

CVE-2022-2258

In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items

4.3CVSS4.6AI score0.00146EPSS

CVE•added 2023/08/02 2:15 a.m.•34 views

CVE-2022-2346

In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.

5.5CVSS4.6AI score0.00076EPSS

CVE•added 2023/05/10 6:15 a.m.•33 views

CVE-2022-4008

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

5.5CVSS5.5AI score0.00036EPSS

CVE•added 2023/08/02 6:15 a.m.•32 views

CVE-2022-2416

In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.

5.5CVSS4.6AI score0.00082EPSS

CVE•added 2023/01/31 4:15 a.m.•32 views

CVE-2022-4898

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken ...

5.4CVSS5.1AI score0.00036EPSS

CVE•added 2023/05/18 12:15 a.m.•26 views

CVE-2022-4870

In affected versions of Octopus Deploy it is possible to discover network details via error message

5.3CVSS5.3AI score0.00186EPSS

CVE•added 2023/12/14 8:15 a.m.•24 views

CVE-2023-1904

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

7.5CVSS5.8AI score0.00248EPSS