Vulnerabilities > Octopus > Octopus Server > 2.0.11.1080

DATE CVE VULNERABILITY TITLE RISK
2023-05-10 CVE-2022-4008 Resource Exhaustion vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
local
low complexity
octopus CWE-400
5.5
2023-02-22 CVE-2022-2883 Unrestricted Upload of File with Dangerous Type vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
network
low complexity
octopus CWE-434
7.5
2022-10-27 CVE-2022-2508 Information Exposure Through an Error Message vulnerability in Octopus Server
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.
network
low complexity
octopus CWE-209
5.3
2022-10-27 CVE-2022-2782 Insufficient Session Expiration vulnerability in Octopus Server
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.
network
low complexity
octopus CWE-613
critical
9.1