Vulnerabilities > Octopus > Octopus Server > 2.3.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-10 | CVE-2022-4008 | Resource Exhaustion vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | 5.5 |
| 2023-04-19 | CVE-2022-2507 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage | 5.3 |
| 2023-02-22 | CVE-2022-2883 | Unrestricted Upload of File with Dangerous Type vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | 7.5 |
| 2022-10-27 | CVE-2022-2508 | Information Exposure Through an Error Message vulnerability in Octopus Server In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. | 5.3 |
| 2022-10-27 | CVE-2022-2782 | Insufficient Session Expiration vulnerability in Octopus Server In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. | 9.1 |
| 2022-08-19 | CVE-2022-2049 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. | 7.5 |
| 2022-08-19 | CVE-2022-2074 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | 7.5 |
| 2022-08-19 | CVE-2022-2075 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. | 7.5 |
| 2022-07-19 | CVE-2022-30532 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. | 5.3 |
| 2022-05-19 | CVE-2022-1670 | Unspecified vulnerability in Octopus Server When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. | 7.5 |