Vulnerabilities > Octopus > Octopus Server > 2018.5.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-06 | CVE-2022-2781 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Octopus Server In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. | 5.3 |
| 2022-10-06 | CVE-2022-2783 | Cross-Site Request Forgery (CSRF) vulnerability in Octopus Server In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token | 5.3 |
| 2022-09-30 | CVE-2022-2778 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | 9.8 |
| 2018-06-11 | CVE-2018-12089 | Information Exposure vulnerability in Octopus Server In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. | 3.5 |
| 2018-05-21 | CVE-2018-11320 | Information Exposure Through Log Files vulnerability in Octopus Server In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs. | 5.0 |