Octopus Deploy Security Advisories

Security Advisory 2024-09

Oct 1, 2024 · Vulnerability/SQL-Injection Severity/High CVSS/8.7

SQL Injection in the Octopus Server REST API (CVE-2024-9194)
Read More
Security Advisory 2024-08

Sep 11, 2024 · Vulnerability/Improper Restriction of Rendered UI Layers or Frames Severity/low CVSS/2.6

Insufficient Content Security Policy Configuration (CVE-2024-1656)
Read More
Security Advisory 2024-07

Aug 20, 2024 · Vulnerability/Insufficient Session Expiration Severity/low CVSS/2.6

Incorrect OIDC cookie expiration time (CVE-2024-7998)
Read More
Security Advisory 2024-06

Jul 24, 2024 · Vulnerability/Information disclosure Severity/medium CVSS/6.5

Sensitive Variables exposed in TaskLogs (CVE-2024-6972)
Read More
Security Advisory 2024-05

Jul 24, 2024 · Vulnerability/Broken access control Severity/low CVSS/2.2

Access to failed project imports in restricted spaces. (CVE-2024-4811)
Read More
Security Advisory 2024-04

May 7, 2024 · Vulnerability/Stored XSS Severity/medium CVSS/4.1

Stored XSS in Audit Page (CVE-2024-4456)
Read More
Security Advisory 2024-03

Apr 30, 2024 · Vulnerability/Information exposure Severity/low CVSS/3.5

Users with no permissions can see all users (CVE-2024-4226)
Read More
Security Advisory 2024-02

Apr 17, 2024 · Vulnerability/Information exposure Severity/medium CVSS/4.3

2024-02 - API key disclosed in Octopus Server audit log.
Read More
Security Advisory 2024-01

Apr 2, 2024 · Vulnerability/Privilege-Escalation Severity/high CVSS/8.8

Race condition could lead to privilege escalation (CVE-2024-2975)
Read More
Security Advisory 2023-12

Dec 12, 2023 · Vulnerability/Information exposure Severity/medium CVSS/4.2

OpenID client secret logged in plain text during configuration (CVE-2023-1904)
Read More
- 1
- 2
- 3
- 4
- 5