Octopus Deploy Security Advisories
  • Security Advisory 2023-05

    Mar 13, 2023 · Vulnerability/Improper Neutralisation of Special Elements used in a Command Severity/low CVSS/3.9

    Command injection via offline package creation (CVE-2022-4009)

  • Security Advisory 2023-03

    Mar 10, 2023 · Vulnerability/Incorrect Privilege Assignment Severity/low CVSS/3.1

    Able to view tagsets without assigned permissions (CVE-2022-2258)

  • Security Advisory 2023-04

    Mar 10, 2023 · Vulnerability/Incorrect Privilege Assignment Severity/low CVSS/3.1

    Able to view workerpools without assigned permissions (CVE-2022-2259)

  • Security Advisory 2023-02

    Feb 14, 2023 · Vulnerability/Denial of Service Severity/medium CVSS/6.5

    Zipbomb resource exhaustion in Octopus Server (CVE-2022-2883)

  • Security Advisory 2023-01

    Jan 30, 2023 · Vulnerability/Stored XSS Severity/medium CVSS/6.8

    Stored Cross-Site Scripting (XSS) in Octopus Server help sidebar (CVE-2022-4898)

  • Security Advisory 2022-26

    Dec 22, 2022 · Vulnerability/Authentication Bypass Using an Alternate Path or Channel Severity/low CVSS/2.4

    Certain browsers can bypass authentication and redirect to the configured redirect url without any validation (CVE-2022-3614)

  • Security Advisory 2022-25

    Dec 21, 2022 · Vulnerability/Exposure of Sensitive Information Through Environmental Variables Severity/medium CVSS/5.9

    Certain types of sensitive variables may be displayed as plain text in variable preview (CVE-2022-3460)

  • Security Advisory 2022-24

    Nov 25, 2022 · Vulnerability/Insertion of Sensitive Information into Log File Severity/medium CVSS/4.1

    Target Discovery prints certain sensitive values in plain-text when verbose logging is enabled (CVE-2022-2721)

  • Security Advisory 2022-23

    Nov 1, 2022 · Vulnerability/Broken access control Severity/high CVSS/7.3

    Disabled/Deleted users API keys are still usable when access is revoked via an External Auth Provider (CVE-2022-2572)

  • Security Advisory 2022-22

    Oct 27, 2022 · Vulnerability/Information Exposure Severity/low CVSS/3.6

    Resource validation in error messaging (CVE-2022-2508)


Products

OCTOPUS-SERVER (38), OCTOPUS-DEPLOY-TEAMCITY-PLUGIN (3), OCTOPUS-JAVA-SDK (3), OCTOPUS-TENTACLE (3), HALIBUT (1)

Tags

SEVERITY/MEDIUM (25), SEVERITY/LOW (13), SEVERITY/HIGH (10), VULNERABILITY/VULNERABLE-DEPENDENCY (6), VULNERABILITY/CLEAR-TEXT-STORAGE-OF-SENSITIVE-VALUE (5), VULNERABILITY/BROKEN-ACCESS-CONTROL (4), VULNERABILITY/INFORMATION-EXPOSURE (4), CVSS/5.7 (3), CVSS/6.4 (3), CVSS/6.5 (3), CVSS/6.8 (3), VULNERABILITY/LOCAL-PRIVILEGE-ESCALATION (3), VULNERABILITY/REGEX-DENIAL-OF-SERVICE (3), VULNERABILITY/REMOTE-CODE-EXECUTION (3)