Octopus Deploy Security Advisories

Security Advisory 2022-24

Nov 25, 2022 · Vulnerability/Insertion of Sensitive Information into Log File Severity/medium CVSS/4.1

Target Discovery prints certain sensitive values in plain-text when verbose logging is enabled (CVE-2022-2721)
Read More
Security Advisory 2022-23

Nov 1, 2022 · Vulnerability/Broken access control Severity/high CVSS/7.3

Disabled/Deleted users API keys are still usable when access is revoked via an External Auth Provider (CVE-2022-2572)
Read More
Security Advisory 2022-22

Oct 27, 2022 · Vulnerability/Information Exposure Severity/low CVSS/3.6

Resource validation in error messaging (CVE-2022-2508)
Read More
Security Advisory 2022-21

Oct 25, 2022 · Vulnerability/Insufficient Session Expiration Severity/medium CVSS/5.7

Session cookie date isn't validated against server policy (CVE-2022-2782)
Read More
Security Advisory 2022-20

Oct 14, 2022 · Vulnerability/Authentication Bypass by Capture-replay Severity/high CVSS/8.0

Git connection checker can initiate an SMB connection leading to NTLM relay attack (CVE-2022-2780)
Read More
Security Advisory 2022-19

Oct 13, 2022 · Vulnerability/Information exposure Severity/medium CVSS/5.7

User without team permission can obtain teams along with its members, description and permissions associated through API request (CVE-2022-2828)
Read More
Security Advisory 2022-18

Oct 11, 2022 · Vulnerability/Information exposure Severity/medium CVSS/5.4

Sensitive value will only be partially masked when certain substrings exist in the set (CVE-2022-2720)
Read More
Security Advisory 2022-17

Oct 6, 2022 · Vulnerability/CSRF Severity/medium CVSS/6.3

Session cookie can be used as the CSRF token (CVE-2022-2783)
Read More
Security Advisory 2022-16

Oct 5, 2022 · Vulnerability/Encryption Severity/medium CVSS/5.5

Encrypted variables and session cookies use the same encryption process (CVE-2022-2781)
Read More
Security Advisory 2022-15

Sep 27, 2022 · Vulnerability/Rate limit bypass Severity/low CVSS/2.2

Login password rate limit can be bypassed with null bytes (CVE-2022-2778)
Read More
- 2
- 3
- 4
- 5
- 6