Vulnerabilities > Octopus

DATE CVE VULNERABILITY TITLE RISK
2017-10-19 CVE-2017-15610 Information Exposure vulnerability in Octopus Deploy
An issue was discovered in Octopus before 3.17.7.
network
low complexity
octopus CWE-200
4.0
2017-10-19 CVE-2017-15609 Missing Encryption of Sensitive Data vulnerability in Octopus Deploy
Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.
network
low complexity
octopus CWE-311
5.0
2017-07-17 CVE-2017-11348 Path Traversal vulnerability in Octopus Deploy and Octopus Server
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files.
network
octopus CWE-22
6.3