Vulnerabilities > Octopus > Octopus Server > 3.7.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-30 | CVE-2022-2778 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | 9.8 |
| 2022-09-09 | CVE-2022-2528 | Incorrect Default Permissions vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages. | 6.5 |
| 2022-08-19 | CVE-2022-2049 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. | 7.5 |
| 2022-08-19 | CVE-2022-2074 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | 7.5 |
| 2022-08-19 | CVE-2022-2075 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. | 7.5 |
| 2022-07-19 | CVE-2022-30532 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. | 5.3 |
| 2022-05-19 | CVE-2022-1670 | Unspecified vulnerability in Octopus Server When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. | 7.5 |
| 2017-07-17 | CVE-2017-11348 | Path Traversal vulnerability in Octopus Deploy and Octopus Server In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. | 5.7 |