Vulnerabilities > Octopus > Octopus Server > 3.7.2

DATE CVE VULNERABILITY TITLE RISK
2022-09-30 CVE-2022-2778 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.
network
low complexity
octopus
critical
9.8
2022-09-09 CVE-2022-2528 Incorrect Default Permissions vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
network
low complexity
octopus CWE-276
6.5
2022-08-19 CVE-2022-2049 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
network
low complexity
octopus
7.5
2022-08-19 CVE-2022-2074 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
network
low complexity
octopus
7.5
2022-08-19 CVE-2022-2075 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
network
low complexity
octopus
7.5
2022-07-19 CVE-2022-30532 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.
network
low complexity
octopus
5.3
2022-05-19 CVE-2022-1670 Unspecified vulnerability in Octopus Server
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users.
network
low complexity
octopus
7.5
2017-07-17 CVE-2017-11348 Path Traversal vulnerability in Octopus Deploy and Octopus Server
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files.
network
low complexity
octopus CWE-22
5.7