Search
Total
14 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2258 | 1 Octopus | 1 Octopus Server | 2023-08-08 | N/A | 4.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items | |||||
| CVE-2022-1901 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2023-08-08 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | |||||
| CVE-2022-2781 | 1 Octopus | 1 Octopus Server | 2023-08-08 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. | |||||
| CVE-2022-2259 | 1 Octopus | 1 Octopus Server | 2023-08-08 | N/A | 4.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items | |||||
| CVE-2022-2783 | 1 Octopus | 1 Octopus Server | 2023-08-08 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token | |||||
| CVE-2022-2346 | 1 Octopus | 1 Octopus Server | 2023-08-07 | N/A | 4.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. | |||||
| CVE-2022-2416 | 1 Octopus | 1 Octopus Server | 2023-08-04 | N/A | 4.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment. | |||||
| CVE-2022-1881 | 1 Octopus | 1 Octopus Server | 2022-07-27 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space. | |||||
| CVE-2020-16197 | 1 Octopus | 2 Octopus Server, Server | 2022-07-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation. | |||||
| CVE-2019-14525 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2022-07-27 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call. | |||||
| CVE-2019-15698 | 1 Octopus | 1 Octopus Server | 2022-07-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10. | |||||
| CVE-2022-23184 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2022-07-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects. | |||||
| CVE-2019-8944 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2022-07-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files. | |||||
| CVE-2017-11348 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2022-07-27 | 6.3 MEDIUM | 5.7 MEDIUM |
| In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value. | |||||