Octopus Deploy Security Advisories
  • Security Advisory 2022-07

    Jul 15, 2022 · Vulnerability/Stored XSS Severity/medium CVSS/6.8

    Stored Cross-Site Scripting (XSS) in Octopus Server help sidebar (CVE-2022-29890)

  • Security Advisory 2022-06

    Jul 15, 2022 · Vulnerability/Insecure Direct Object Reference (IDOR) Severity/medium CVSS/6.5

    Insecure Direct Object Reference (IDOR) of Project Exports in Octopus Server (CVE-2022-1881)

  • Security Advisory 2022-05

    Jun 13, 2022 · Vulnerability/Broken Access Control Severity/medium CVSS/5.7

    Script Console Access via Private Space in Octopus Server (CVE-2022-2013)

  • Security Advisory 2022-04

    May 19, 2022 · Vulnerability/Abnormal invite code functionality Severity/Low CVSS/3.4

    User invitation limit in Octopus Server can be exceeded (CVE-2022-1670)

  • Security Advisory 2022-03

    May 4, 2022 · Vulnerability/Broken-Access-Control Severity/medium CVSS/6.4

    Broken access control in API for projects using Git VCS (CVE-2022-1502)

  • Security Advisory 2022-02

    Feb 7, 2022 · Vulnerability/Open-Redirect Severity/medium CVSS/4.3

    Open Redirect Vulnerability in Octopus Server (CVE-2022-23184)

  • Security Advisory 2022-01

    Jan 19, 2022 · Vulnerability/Clear-Text-Storage-Of-Sensitive-Value Severity/medium CVSS/6.3

    Cleartext Storage of Sensitive Information in Octopus Tentacle Windows Docker image (CVE-2021-31821)

  • Security Advisory 2021-17

    Dec 20, 2021 · Vulnerability/Vulnerable-Dependency Severity/Low

    Octopus Java Client SDK log4j 2.16.0 dependency (CVE-2021-45105)

  • Security Advisory 2021-16

    Dec 20, 2021 · Vulnerability/Vulnerable-Dependency Severity/Low

    Octopus Deploy TeamCity Plugin log4j 2.16.0 dependency (CVE-2021-45105)

  • Security Advisory 2021-15

    Dec 15, 2021 · Vulnerability/Vulnerable-Dependency Severity/Low

    Octopus Java Client SDK log4j 2.15.0 dependency (CVE-2021-45046)



Products

OCTOPUS-SERVER 34 OCTOPUS-DEPLOY-TEAMCITY-PLUGIN 3 OCTOPUS-JAVA-SDK 3 OCTOPUS-TENTACLE 3 HALIBUT 1

Tags

SEVERITY/MEDIUM 24 SEVERITY/HIGH 10 SEVERITY/LOW 10 VULNERABILITY/VULNERABLE-DEPENDENCY 6 VULNERABILITY/CLEAR-TEXT-STORAGE-OF-SENSITIVE-VALUE 5 VULNERABILITY/BROKEN-ACCESS-CONTROL 4 VULNERABILITY/INFORMATION-EXPOSURE 4 CVSS/5.7 3 CVSS/6.4 3 CVSS/6.8 3 VULNERABILITY/LOCAL-PRIVILEGE-ESCALATION 3 VULNERABILITY/REGEX-DENIAL-OF-SERVICE 3 VULNERABILITY/REMOTE-CODE-EXECUTION 3 CVSS/6.3 2