Filtered by vendor Octopus
Total: 83 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1904 | 1 Octopus | 1 Octopus Server | 2023-12-19 | N/A | 7.5 HIGH |
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. | |||||
CVE-2023-2247 | 1 Octopus | 1 Octopus Deploy | 2023-12-14 | N/A | 5.3 MEDIUM |
In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function. | |||||
CVE-2021-31822 | 2 Linux, Octopus | 2 Linux Kernel, Tentacle | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access. | |||||
CVE-2021-31820 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI. | |||||
CVE-2021-31819 | 1 Octopus | 1 Halibut | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification. | |||||
CVE-2021-31818 | 1 Octopus | 1 Server | 2023-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables. | |||||
CVE-2021-31817 | 1 Octopus | 1 Server | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. | |||||
CVE-2021-31816 | 1 Octopus | 1 Server | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. | |||||
CVE-2021-30183 | 1 Octopus | 1 Server | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext. | |||||
CVE-2021-26557 | 1 Octopus | 1 Tentacle | 2023-11-07 | 4.4 MEDIUM | 7.8 HIGH |
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | |||||
CVE-2021-26556 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2023-11-07 | 4.4 MEDIUM | 7.8 HIGH |
When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | |||||
CVE-2022-2259 | 1 Octopus | 1 Octopus Server | 2023-08-08 | N/A | 4.3 MEDIUM |
In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items. | |||||
CVE-2022-2778 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2023-08-08 | N/A | 9.8 CRITICAL |
In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | |||||
CVE-2022-1901 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2023-08-08 | N/A | 5.3 MEDIUM |
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | |||||
CVE-2022-2258 | 1 Octopus | 1 Octopus Server | 2023-08-08 | N/A | 4.3 MEDIUM |
In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items. | |||||
CVE-2022-3460 | 1 Octopus | 1 Octopus Server | 2023-08-08 | N/A | 7.5 HIGH |
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview. | |||||
CVE-2022-2781 | 1 Octopus | 1 Octopus Server | 2023-08-08 | N/A | 5.3 MEDIUM |
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. | |||||
CVE-2022-1502 | 1 Octopus | 1 Server | 2023-08-08 | 3.5 LOW | 4.3 MEDIUM |
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions. | |||||
CVE-2022-4009 | 1 Octopus | 1 Octopus Server | 2023-08-08 | N/A | 8.8 HIGH |
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation. | |||||
CVE-2022-2783 | 1 Octopus | 1 Octopus Server | 2023-08-08 | N/A | 5.3 MEDIUM |
In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token.