Octopus Server | Octopus Deploy Security Advisories

Security Advisory 2022-26

Dec 22, 2022 · Vulnerability/Authentication Bypass Using an Alternate Path or Channel Severity/low CVSS/2.4

Certain browsers can bypass authentication and redirect to the configured redirect url without any validation (CVE-2022-3614)
Read More
Security Advisory 2022-25

Dec 21, 2022 · Vulnerability/Exposure of Sensitive Information Through Environmental Variables Severity/medium CVSS/5.9

Certain types of sensitive variables may be displayed as plain text in variable preview (CVE-2022-3460)
Read More
Security Advisory 2022-24

Nov 25, 2022 · Vulnerability/Insertion of Sensitive Information into Log File Severity/medium CVSS/4.1

Target Discovery prints certain sensitive values in plain-text when verbose logging is enabled (CVE-2022-2721)
Read More
Security Advisory 2022-23

Nov 1, 2022 · Vulnerability/Broken access control Severity/high CVSS/7.3

Disabled/Deleted users API keys are still usable when access is revoked via an External Auth Provider (CVE-2022-2572)
Read More
Security Advisory 2022-22

Oct 27, 2022 · Vulnerability/Information Exposure Severity/low CVSS/3.6

Resource validation in error messaging (CVE-2022-2508)
Read More
Security Advisory 2022-21

Oct 25, 2022 · Vulnerability/Insufficient Session Expiration Severity/medium CVSS/5.7

Session cookie date isn't validated against server policy (CVE-2022-2782)
Read More
Security Advisory 2022-20

Oct 14, 2022 · Vulnerability/Authentication Bypass by Capture-replay Severity/high CVSS/8.0

Git connection checker can initiate an SMB connection leading to NTLM relay attack (CVE-2022-2780)
Read More
Security Advisory 2022-19

Oct 13, 2022 · Vulnerability/Information exposure Severity/medium CVSS/5.7

User without team permission can obtain teams along with its members, description and permissions associated through API request (CVE-2022-2828)
Read More
Security Advisory 2022-18

Oct 11, 2022 · Vulnerability/Information exposure Severity/medium CVSS/5.4

Sensitive value will only be partially masked when certain substrings exist in the set (CVE-2022-2720)
Read More
Security Advisory 2022-17

Oct 6, 2022 · Vulnerability/CSRF Severity/medium CVSS/6.3

Session cookie can be used as the CSRF token (CVE-2022-2783)
Read More
- 1
- 2
- 3
- 4
- 5