Vulnerabilities > Octopus

DATE CVE VULNERABILITY TITLE RISK
2021-07-08 CVE-2021-31816 Cleartext Storage of Sensitive Information vulnerability in Octopus Server
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
network
low complexity
octopus CWE-312
5.0
2021-07-08 CVE-2021-31817 Cleartext Storage of Sensitive Information vulnerability in Octopus Server 2021.1.6959
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext.
network
low complexity
octopus CWE-312
5.0
2021-06-17 CVE-2021-31818 SQL Injection vulnerability in Octopus Server 2021.1.6959
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly.
network
low complexity
octopus CWE-89
4.0
2021-05-14 CVE-2021-30183 Cleartext Storage of Sensitive Information vulnerability in Octopus Server
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.
network
low complexity
octopus CWE-312
5.0
2021-01-22 CVE-2021-21270 Cleartext Transmission of Sensitive Information vulnerability in Octopus Octopusdsc
OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent.
local
low complexity
octopus CWE-319
2.1
2020-10-26 CVE-2020-26161 Open Redirect vulnerability in Octopus Deploy
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.
network
octopus CWE-601
5.8
2020-10-22 CVE-2020-27155 Unspecified vulnerability in Octopus Deploy
An issue was discovered in Octopus Deploy through 2020.4.4.
network
octopus
4.3
2020-10-12 CVE-2020-25825 Unspecified vulnerability in Octopus Deploy
In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs.
network
low complexity
octopus
5.0
2020-09-09 CVE-2020-24566 Information Exposure Through LOG Files vulnerability in Octopus Deploy
In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then (under certain circumstances) the account password is exposed in cleartext in the verbose task logs output.
network
octopus CWE-532
4.3
2020-08-25 CVE-2020-16197 Improper Certificate Validation vulnerability in Octopus Deploy and Server
An issue was discovered in Octopus Deploy 3.4.
network
low complexity
octopus CWE-295
4.0