Vulnerabilities > Octopus > Octopus Deploy > 3.0.25

DATE CVE VULNERABILITY TITLE RISK
2017-10-19 CVE-2017-15611 Incorrect Permission Assignment for Critical Resource vulnerability in Octopus Deploy
In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges.
network
low complexity
octopus CWE-732
6.5
6.5
2017-10-19 CVE-2017-15610 Information Exposure vulnerability in Octopus Deploy
An issue was discovered in Octopus before 3.17.7.
network
low complexity
octopus CWE-200
6.5
6.5
2017-10-19 CVE-2017-15609 Missing Encryption of Sensitive Data vulnerability in Octopus Deploy
Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.
network
low complexity
octopus CWE-311
7.5
7.5