Filtered by vendor Octopus
Subscriptions
Total
85 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-1901 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-08-03 | 5.3 Medium |
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | ||||
CVE-2022-1881 | 1 Octopus | 1 Octopus Server | 2024-08-03 | 5.3 Medium |
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space. | ||||
CVE-2022-1670 | 1 Octopus | 1 Octopus Server | 2024-08-03 | 7.5 High |
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users. | ||||
CVE-2022-1502 | 1 Octopus | 1 Server | 2024-08-03 | 4.3 Medium |
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions. | ||||
CVE-2023-2247 | 1 Octopus | 1 Octopus Deploy | 2024-08-02 | 5.3 Medium |
In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function |