Vulnerabilities > Octopus > Octopus Server > 3.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-18 | CVE-2022-4870 | Information Exposure Through an Error Message vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to discover network details via error message | 5.3 |
2023-05-10 | CVE-2022-4008 | Resource Exhaustion vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | 5.5 |
2023-03-16 | CVE-2022-4009 | Command Injection vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation | 8.8 |
2023-02-22 | CVE-2022-2883 | Unrestricted Upload of File with Dangerous Type vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | 7.5 |
2022-10-27 | CVE-2022-2508 | Information Exposure Through an Error Message vulnerability in Octopus Server In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. | 5.3 |
2022-10-27 | CVE-2022-2782 | Insufficient Session Expiration vulnerability in Octopus Server In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. | 9.1 |
2022-09-30 | CVE-2022-2778 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | 9.8 |
2017-07-17 | CVE-2017-11348 | Path Traversal vulnerability in Octopus Deploy and Octopus Server In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. | 6.3 |