Vulnerabilities > Octopus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-02 | CVE-2022-2416 | Server-Side Request Forgery (SSRF) vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment. | 4.3 |
| 2023-08-02 | CVE-2022-2346 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. | 4.3 |
| 2023-05-18 | CVE-2022-4870 | Information Exposure Through an Error Message vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to discover network details via error message | 5.3 |
| 2023-05-10 | CVE-2022-4008 | Resource Exhaustion vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | 5.5 |
| 2023-05-02 | CVE-2023-2247 | Unspecified vulnerability in Octopus Deploy In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function | 5.3 |
| 2023-03-16 | CVE-2022-4009 | Command Injection vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation | 8.8 |
| 2023-03-13 | CVE-2022-2258 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items | 4.3 |
| 2023-03-13 | CVE-2022-2259 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items | 4.3 |
| 2023-02-22 | CVE-2022-2883 | Unrestricted Upload of File with Dangerous Type vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | 7.5 |
| 2023-01-31 | CVE-2022-4898 | Cross-site Scripting vulnerability in Octopus Server In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. | 5.4 |