Filtered by vendor Octopus
Subscriptions
Filtered by product Octopus Server
Subscriptions
Total
45 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-14525 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2022-07-27 | N/A |
In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call. | ||||
CVE-2022-23184 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2022-07-27 | 6.1 Medium |
In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects. | ||||
CVE-2019-11632 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2022-07-27 | N/A |
In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom User Roles and do not affect built in User Roles.) | ||||
CVE-2018-18850 | 1 Octopus | 1 Octopus Server | 2022-07-27 | N/A |
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM). | ||||
CVE-2017-11348 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2022-07-27 | N/A |
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value. |