Vulnerabilities > Octopus > Octopus Server > 2019.1.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-19 | CVE-2022-1901 | Improper Privilege Management vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | 5.3 |
| 2022-07-19 | CVE-2022-30532 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. | 5.3 |
| 2022-05-19 | CVE-2022-1670 | Unspecified vulnerability in Octopus Server When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. | 7.5 |
| 2021-08-18 | CVE-2021-31820 | Cleartext Storage of Sensitive Information vulnerability in Octopus Server In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI. | 7.5 |
| 2019-02-20 | CVE-2019-8944 | Information Exposure Through Log Files vulnerability in Octopus Deploy An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files. | 6.5 |