Filtered by vendor Octopus Subscriptions
Filtered by product Octopus Server Subscriptions
Total 47 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-2259 1 Octopus 1 Octopus Server 2024-08-03 4.3 Medium
In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items
CVE-2022-2074 3 Linux, Microsoft, Octopus 3 Linux Kernel, Windows, Octopus Server 2024-08-03 7.5 High
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
CVE-2022-2075 3 Linux, Microsoft, Octopus 3 Linux Kernel, Windows, Octopus Server 2024-08-03 7.5 High
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
CVE-2022-2049 3 Linux, Microsoft, Octopus 3 Linux Kernel, Windows, Octopus Server 2024-08-03 7.5 High
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
CVE-2022-1901 3 Linux, Microsoft, Octopus 3 Linux Kernel, Windows, Octopus Server 2024-08-03 5.3 Medium
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.
CVE-2022-1881 1 Octopus 1 Octopus Server 2024-08-03 5.3 Medium
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.
CVE-2022-1670 1 Octopus 1 Octopus Server 2024-08-03 7.5 High
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users.