Vulnerabilities > Octopus > Octopus Server > 2.3.6

DATE CVE VULNERABILITY TITLE RISK
2023-05-10 CVE-2022-4008 Resource Exhaustion vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
local
low complexity
octopus CWE-400
5.5
2023-04-19 CVE-2022-2507 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
network
low complexity
octopus
5.3
2023-02-22 CVE-2022-2883 Unrestricted Upload of File with Dangerous Type vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
network
low complexity
octopus CWE-434
7.5
2022-10-27 CVE-2022-2508 Information Exposure Through an Error Message vulnerability in Octopus Server
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.
network
low complexity
octopus CWE-209
5.3
2022-10-27 CVE-2022-2782 Insufficient Session Expiration vulnerability in Octopus Server
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.
network
low complexity
octopus CWE-613
critical
9.1
2022-08-19 CVE-2022-2049 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
network
low complexity
octopus
7.5
2022-08-19 CVE-2022-2074 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
network
low complexity
octopus
7.5
2022-08-19 CVE-2022-2075 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
network
low complexity
octopus
7.5
2022-07-19 CVE-2022-30532 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.
network
low complexity
octopus
5.3
2022-05-19 CVE-2022-1670 Unspecified vulnerability in Octopus Server
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users.
network
low complexity
octopus
7.5