Vulnerabilities > Octopus > Octopus Server > 2021.3.13021

DATE CVE VULNERABILITY TITLE RISK
2022-09-28 CVE-2022-2760 Information Exposure Through an Error Message vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.
network
low complexity
octopus CWE-209
4.3
4.3
2022-09-09 CVE-2022-2528 Incorrect Default Permissions vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
network
low complexity
octopus CWE-276
6.5
6.5