Filtered by vendor Octopus
Subscriptions
Filtered by product Octopus Server
Subscriptions
Total
47 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-2259 | 1 Octopus | 1 Octopus Server | 2024-08-03 | 4.3 Medium |
In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items | ||||
CVE-2022-2074 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-08-03 | 7.5 High |
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | ||||
CVE-2022-2075 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-08-03 | 7.5 High |
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. | ||||
CVE-2022-2049 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-08-03 | 7.5 High |
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. | ||||
CVE-2022-1901 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-08-03 | 5.3 Medium |
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | ||||
CVE-2022-1881 | 1 Octopus | 1 Octopus Server | 2024-08-03 | 5.3 Medium |
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space. | ||||
CVE-2022-1670 | 1 Octopus | 1 Octopus Server | 2024-08-03 | 7.5 High |
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users. |