Octopus Deploy Security Advisories

Security Advisory 2023-08

May 10, 2023 · Vulnerability/Denial of Service Severity/medium CVSS/6.5

Zipbomb resource exhaustion in Tentacle (CVE-2022-4008)
Read More
Security Advisory 2023-07

Apr 26, 2023 · Vulnerability/Variable Secret Exposure Severity/low CVSS/3.8

Variable preview can unmask secrets (CVE-2023-2247)
Read More
Security Advisory 2023-06

Apr 19, 2023 · Vulnerability/Cross-Site Scripting (XSS) Severity/low CVSS/2.5

Weak Content Security Policy Header (CVE-2022-2507)
Read More
Security Advisory 2023-05

Mar 13, 2023 · Vulnerability/Improper Neutralisation of Special Elements used in a Command Severity/low CVSS/3.9

Command injection via offline package creation (CVE-2022-4009)
Read More
Security Advisory 2023-03

Mar 10, 2023 · Vulnerability/Incorrect Privilege Assignment Severity/low CVSS/3.1

Able to view tagsets without assigned permissions (CVE-2022-2258)
Read More
Security Advisory 2023-04

Mar 10, 2023 · Vulnerability/Incorrect Privilege Assignment Severity/low CVSS/3.1

Able to view workerpools without assigned permissions (CVE-2022-2259)
Read More
Security Advisory 2023-02

Feb 14, 2023 · Vulnerability/Denial of Service Severity/medium CVSS/6.5

Zipbomb resource exhaustion in Octopus Server (CVE-2022-2883)
Read More
Security Advisory 2023-01

Jan 30, 2023 · Vulnerability/Stored XSS Severity/medium CVSS/6.8

Stored Cross-Site Scripting (XSS) in Octopus Server help sidebar (CVE-2022-4898)
Read More
Security Advisory 2022-26

Dec 22, 2022 · Vulnerability/Authentication Bypass Using an Alternate Path or Channel Severity/low CVSS/2.4

Certain browsers can bypass authentication and redirect to the configured redirect url without any validation (CVE-2022-3614)
Read More
Security Advisory 2022-25

Dec 21, 2022 · Vulnerability/Exposure of Sensitive Information Through Environmental Variables Severity/medium CVSS/5.9

Certain types of sensitive variables may be displayed as plain text in variable preview (CVE-2022-3460)
Read More
- 1
- 2
- 3
- 4
- 5