Octopus Deploy Security Advisories

Security Advisory 2022-17

Oct 6, 2022 · Vulnerability/CSRF Severity/medium CVSS/6.3

Session cookie can be used as the CSRF token (CVE-2022-2783)
Read More
Security Advisory 2022-16

Oct 5, 2022 · Vulnerability/Encryption Severity/medium CVSS/5.5

Encrypted variables and session cookies use the same encryption process (CVE-2022-2781)
Read More
Security Advisory 2022-15

Sep 27, 2022 · Vulnerability/Rate limit bypass Severity/low CVSS/2.2

Login password rate limit can be bypassed with null bytes (CVE-2022-2778)
Read More
Security Advisory 2022-14

Sep 27, 2022 · Vulnerability/Information exposure Severity/low CVSS/3.0

Space ID is revealed in error messages when the resource is part of another space (CVE-2022-2760)
Read More
Security Advisory 2022-13

Sep 9, 2022 · Vulnerability/Broken access control Severity/medium CVSS/6.4

Service Account with FeedView permission can upload to built-in feed after re-indexing packages (CVE-2022-2528)
Read More
Security Advisory 2022-12

Aug 19, 2022 · Vulnerability/Regex Denial of Service Severity/medium CVSS/6.5

ReDoS in Build Information request (CVE-2022-2075)
Read More
Security Advisory 2022-11

Aug 19, 2022 · Vulnerability/Regex Denial of Service Severity/high CVSS/7.1

ReDoS in Variable Project Templates (CVE-2022-2074)
Read More
Security Advisory 2022-10

Aug 19, 2022 · Vulnerability/Regex Denial of Service Severity/medium CVSS/5.3

ReDoS in Package Upload Files (CVE-2022-2049)
Read More
Security Advisory 2022-09

Aug 19, 2022 · Vulnerability/sensitive variable exposure Severity/medium CVSS/6.8

Sensitive variable value displayed in Variable Preview (CVE-2022-1901)
Read More
Security Advisory 2022-08

Jul 18, 2022 · Vulnerability/Logging Severity/medium CVSS/6.4

Lack of auditing and logging for artifacts in Octopus Server (CVE-2022-30532)
Read More
- 1
- 2
- 3
- 4
- 5