Vulnerabilities > Octopus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-15 | CVE-2022-29890 | Cross-site Scripting vulnerability in Octopus Server In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. | 6.1 |
| 2022-05-04 | CVE-2022-1502 | Unspecified vulnerability in Octopus Server Permissions were not properly verified in the API on projects using version control in Git. | 4.3 |
| 2022-02-07 | CVE-2022-23184 | Open Redirect vulnerability in Octopus Deploy In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects. | 6.1 |
| 2022-01-19 | CVE-2021-31821 | Cleartext Storage of Sensitive Information vulnerability in Octopus Tentacle When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. | 5.5 |
| 2021-06-17 | CVE-2021-31818 | SQL Injection vulnerability in Octopus Server Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. | 4.3 |
| 2021-01-22 | CVE-2021-21270 | Cleartext Transmission of Sensitive Information vulnerability in Octopus Octopusdsc OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. | 5.5 |
| 2020-10-26 | CVE-2020-26161 | Open Redirect vulnerability in Octopus Deploy In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header. | 6.1 |
| 2020-08-25 | CVE-2020-16197 | Improper Certificate Validation vulnerability in Octopus Server and Server An issue was discovered in Octopus Deploy 3.4. | 4.3 |
| 2020-06-19 | CVE-2020-14470 | Information Exposure Through Log Files vulnerability in Octopus Deploy In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password. | 6.5 |
| 2020-04-28 | CVE-2020-12286 | Unspecified vulnerability in Octopus Deploy In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped to any dimension. | 4.3 |