Vulnerabilities > Octopus > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-19 | CVE-2022-1670 | Unspecified vulnerability in Octopus Server When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. | 7.5 |
| 2021-11-24 | CVE-2021-31822 | Incorrect Default Permissions vulnerability in Octopus Tentacle When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. | 7.8 |
| 2021-10-07 | CVE-2021-26556 | Untrusted Search Path vulnerability in Octopus Deploy When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | 7.8 |
| 2021-10-07 | CVE-2021-26557 | Untrusted Search Path vulnerability in Octopus Tentacle When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. | 7.8 |
| 2021-08-18 | CVE-2021-31820 | Cleartext Storage of Sensitive Information vulnerability in Octopus Server In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI. | 7.5 |
| 2021-07-08 | CVE-2021-31816 | Cleartext Storage of Sensitive Information vulnerability in Octopus Server When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. | 7.5 |
| 2021-07-08 | CVE-2021-31817 | Cleartext Storage of Sensitive Information vulnerability in Octopus Server When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. | 7.5 |
| 2021-05-14 | CVE-2021-30183 | Cleartext Storage of Sensitive Information vulnerability in Octopus Server Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext. | 7.5 |
| 2020-10-22 | CVE-2020-27155 | Unspecified vulnerability in Octopus Deploy An issue was discovered in Octopus Deploy through 2020.4.4. | 7.5 |
| 2020-10-12 | CVE-2020-25825 | Unspecified vulnerability in Octopus Deploy In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs. | 7.5 |