Vulnerabilities > Octopus > Octopus Server

DATE CVE VULNERABILITY TITLE RISK
2022-10-06 CVE-2022-2781 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Octopus Server
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.
network
low complexity
octopus CWE-327
5.3
2022-10-06 CVE-2022-2783 Cross-Site Request Forgery (CSRF) vulnerability in Octopus Server
In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token
network
low complexity
octopus CWE-352
5.3
2022-09-30 CVE-2022-2778 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.
network
low complexity
octopus
critical
9.8
2022-09-28 CVE-2022-2760 Information Exposure Through an Error Message vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.
network
low complexity
octopus CWE-209
4.3
2022-09-09 CVE-2022-2528 Incorrect Default Permissions vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
network
low complexity
octopus CWE-276
6.5
2022-08-19 CVE-2022-2049 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
network
low complexity
octopus
7.5
2022-08-19 CVE-2022-2074 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
network
low complexity
octopus
7.5
2022-08-19 CVE-2022-2075 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
network
low complexity
octopus
7.5
2022-08-19 CVE-2022-1901 Improper Privilege Management vulnerability in Octopus Server
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.
network
low complexity
octopus CWE-269
5.3
2022-07-19 CVE-2022-30532 Unspecified vulnerability in Octopus Server
In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.
network
low complexity
octopus
5.3