Posts | Octopus Deploy Security Advisories

Security Advisory 2025-06

Mar 25, 2025 · Vulnerability/server-side request forgery Severity/Medium CVSS/5.9

Server Side Request Forgery (CVE-2025-0539)
Read More
Security Advisory 2025-05

Feb 10, 2025 · Vulnerability/Denial of Service Severity/Medium CVSS/5.9

Denial of Service with Backdoor access
Read More
Security Advisory 2025-04

Feb 10, 2025 · Vulnerability/Stored XSS Severity/low CVSS/1.8

XSS in Octopus Deploy error page (CVE-2024-0513)
Read More
Security Advisory 2025-03

Feb 10, 2025 · Vulnerability/path traversal Severity/low CVSS/2.3

File Upload Path Traversal (CVE-2025-0526)
Read More
Security Advisory 2025-02

Feb 10, 2025 · Vulnerability/Observable Discrepancy Severity/low CVSS/2.3

File Existence Disclosure (CVE-2025-0525)
Read More
Security Advisory 2025-01

Jan 23, 2025 · Vulnerability/Incorrect Authorisation Severity/medium CVSS/6.9

Active Directory data can be read using API endpoints without Authentication (CVE-2025-0589)
Read More
Security Advisory 2024-10

Dec 5, 2024 · Vulnerability/Information disclosure Severity/Medium CVSS/4.9

Sensitive Variables Exposed in Logs (CVE-2024-12226)
Read More
Security Advisory 2024-09

Oct 1, 2024 · Vulnerability/SQL-Injection Severity/High CVSS/8.7

SQL Injection in the Octopus Server REST API (CVE-2024-9194)
Read More
Security Advisory 2024-08

Sep 11, 2024 · Vulnerability/Improper Restriction of Rendered UI Layers or Frames Severity/low CVSS/2.6

Insufficient Content Security Policy Configuration (CVE-2024-1656)
Read More
Security Advisory 2024-07

Aug 20, 2024 · Vulnerability/Insufficient Session Expiration Severity/low CVSS/2.6

Incorrect OIDC cookie expiration time (CVE-2024-7998)
Read More
- 1
- 2
- 3
- 4
- 5