Vulnerabilities > Octopus
|2017-10-19||CVE-2017-15610|| Information Exposure vulnerability in Octopus Deploy |
An issue was discovered in Octopus before 3.17.7.
| 4.0 |
|2017-10-19||CVE-2017-15609|| Missing Encryption of Sensitive Data vulnerability in Octopus Deploy |
Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.
| 5.0 |
|2017-07-17||CVE-2017-11348|| Path Traversal vulnerability in Octopus Deploy and Octopus Server |
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files.
| 6.3 |