Octopus Deploy Security Advisories

Security Advisory 2022-15

Sep 27, 2022 · Vulnerability/Rate limit bypass Severity/low CVSS/2.2

Login password rate limit can be bypassed with null bytes (CVE-2022-2778)
Read More
Security Advisory 2022-14

Sep 27, 2022 · Vulnerability/Information exposure Severity/low CVSS/3.0

Space ID is revealed in error messages when the resource is part of another space (CVE-2022-2760)
Read More
Security Advisory 2022-13

Sep 9, 2022 · Vulnerability/Broken access control Severity/medium CVSS/6.4

Service Account with FeedView permission can upload to built-in feed after re-indexing packages (CVE-2022-2528)
Read More
Security Advisory 2022-12

Aug 19, 2022 · Vulnerability/Regex Denial of Service Severity/medium CVSS/6.5

ReDoS in Build Information request (CVE-2022-2075)
Read More
Security Advisory 2022-11

Aug 19, 2022 · Vulnerability/Regex Denial of Service Severity/high CVSS/7.1

ReDoS in Variable Project Templates (CVE-2022-2074)
Read More
Security Advisory 2022-10

Aug 19, 2022 · Vulnerability/Regex Denial of Service Severity/medium CVSS/5.3

ReDoS in Package Upload Files (CVE-2022-2049)
Read More
Security Advisory 2022-09

Aug 19, 2022 · Vulnerability/sensitive variable exposure Severity/medium CVSS/6.8

Sensitive variable value displayed in Variable Preview (CVE-2022-1901)
Read More
Security Advisory 2022-08

Jul 18, 2022 · Vulnerability/Logging Severity/medium CVSS/6.4

Lack of auditing and logging for artifacts in Octopus Server (CVE-2022-30532)
Read More
Security Advisory 2022-07

Jul 15, 2022 · Vulnerability/Stored XSS Severity/medium CVSS/6.8

Stored Cross-Site Scripting (XSS) in Octopus Server help sidebar (CVE-2022-29890)
Read More
Security Advisory 2022-06

Jul 15, 2022 · Vulnerability/Insecure Direct Object Reference (IDOR) Severity/medium CVSS/6.5

Insecure Direct Object Reference (IDOR) of Project Exports in Octopus Server (CVE-2022-1881)
Read More
- 1
- 2
- 3
- 4
- 5