Octopus Deploy Security Advisories
Home
Advisories icon
2021 2022 2023 2024 2025
Severity Levels
Disclosure Policy

  • Security Advisory 2024-09

    Oct 1, 2024 · Vulnerability/SQL-Injection Severity/High CVSS/8.7

    SQL Injection in the Octopus Server REST API (CVE-2024-9194)

    Read More

  • Security Advisory 2024-01

    Apr 2, 2024 · Vulnerability/Privilege-Escalation Severity/high CVSS/8.8

    Race condition could lead to privilege escalation (CVE-2024-2975)

    Read More

  • Security Advisory 2022-23

    Nov 1, 2022 · Vulnerability/Broken access control Severity/high CVSS/7.3

    Disabled/Deleted users API keys are still usable when access is revoked via an External Auth Provider (CVE-2022-2572)

    Read More

  • Security Advisory 2022-20

    Oct 14, 2022 · Vulnerability/Authentication Bypass by Capture-replay Severity/high CVSS/8.0

    Git connection checker can initiate an SMB connection leading to NTLM relay attack (CVE-2022-2780)

    Read More

  • Security Advisory 2022-11

    Aug 19, 2022 · Vulnerability/Regex Denial of Service Severity/high CVSS/7.1

    ReDoS in Variable Project Templates (CVE-2022-2074)

    Read More

  • Security Advisory 2021-11

    Nov 24, 2021 · Vulnerability/Local-Privilege-Escalation Severity/High

    Local privilege escalation in Octopus Tentacle (CVE-2021-31822)

    Read More

  • Security Advisory 2021-10

    Sep 22, 2021 · Vulnerability/Remote-Code-Execution Severity/High

    Remote Code Execution in Octopus Tentacle (CVE-2021-31819)

    Read More

  • Security Advisory 2021-09

    Sep 22, 2021 · Vulnerability/Remote-Code-Execution Severity/High

    Remote Code Execution in Octopus Server (CVE-2021-31819)

    Read More

  • Security Advisory 2021-08

    Sep 22, 2021 · Vulnerability/Remote-Code-Execution Severity/High

    Remote Code Execution via Deserialisation in the Halibut Protocol (CVE-2021-31819)

    Read More

  • Security Advisory 2021-04

    Jun 10, 2021 · Vulnerability/SQL-Injection Severity/high

    SQL Injection in the Events REST API in Octopus Server (CVE-2021-31818)

    Read More
    • ««
    • «
    • 1
    • 2
    • »
    • »»

Recent Security Advisories

  • Security Advisory 2025-06
  • Security Advisory 2025-05
  • Security Advisory 2025-04
  • Security Advisory 2025-03
  • Security Advisory 2025-02
  • Security Advisory 2025-01
  • Security Advisory 2024-10
  • Security Advisory 2024-09

Products

OCTOPUS SERVER 59 OCTOPUS TENTACLE 4 OCTOPUS DEPLOY TEAMCITY PLUGIN 3 OCTOPUS JAVA SDK 3 HALIBUT 1 KUBERNETES WORKER AND AGENT 1

Tags

SEVERITY/MEDIUM 36 SEVERITY/LOW 23 SEVERITY/HIGH 12 VULNERABILITY/INFORMATION EXPOSURE 7 VULNERABILITY/VULNERABLE-DEPENDENCY 6 CVSS/6.5 5 VULNERABILITY/BROKEN ACCESS CONTROL 5 VULNERABILITY/CLEAR-TEXT-STORAGE-OF-SENSITIVE-VALUE 5 VULNERABILITY/STORED XSS 4 CVSS/5.5 3 CVSS/5.7 3 CVSS/5.9 3 CVSS/6.4 3 CVSS/6.8 3
All Tags
CVSS/1.81 CVSS/2.22 CVSS/2.32 CVSS/2.41 CVSS/2.51 CVSS/2.62 CVSS/3.01 CVSS/3.12 CVSS/3.41 CVSS/3.52 CVSS/3.61 CVSS/3.81 CVSS/3.91 CVSS/4.12 CVSS/4.21 CVSS/4.32 CVSS/4.91 CVSS/5.31 CVSS/5.41 CVSS/5.53 CVSS/5.73 CVSS/5.93 CVSS/6.32 CVSS/6.43 CVSS/6.55 CVSS/6.83 CVSS/6.91 CVSS/7.11 CVSS/7.31 CVSS/8.01 CVSS/8.71 CVSS/8.81 SEVERITY/HIGH12 SEVERITY/LOW23 SEVERITY/MEDIUM36 VULNERABILITY/ABNORMAL INVITE CODE FUNCTIONALITY1 VULNERABILITY/AUTHENTICATION BYPASS BY CAPTURE-REPLAY1 VULNERABILITY/AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL1 VULNERABILITY/BROKEN ACCESS CONTROL5 VULNERABILITY/CLEAR-TEXT-STORAGE-OF-SENSITIVE-VALUE5 VULNERABILITY/CROSS-SITE SCRIPTING (XSS)1 VULNERABILITY/CSRF1 VULNERABILITY/DENIAL OF SERVICE3 VULNERABILITY/ENCRYPTION1 VULNERABILITY/EXPOSURE OF SENSITIVE INFORMATION THROUGH ENVIRONMENTAL VARIABLES1 VULNERABILITY/IMPROPER NEUTRALISATION OF SPECIAL ELEMENTS USED IN A COMMAND1 VULNERABILITY/IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES1 VULNERABILITY/INCORRECT AUTHORISATION1 VULNERABILITY/INCORRECT PRIVILEGE ASSIGNMENT3 VULNERABILITY/INFORMATION DISCLOSURE2 VULNERABILITY/INFORMATION EXPOSURE7 VULNERABILITY/INSECURE DIRECT OBJECT REFERENCE (IDOR)1 VULNERABILITY/INSERTION OF SENSITIVE INFORMATION INTO LOG FILE1 VULNERABILITY/INSUFFICIENT SESSION EXPIRATION2 VULNERABILITY/LOCAL-PRIVILEGE-ESCALATION3 VULNERABILITY/LOGGING1 VULNERABILITY/OBSERVABLE DISCREPANCY1 VULNERABILITY/OPEN-REDIRECT1 VULNERABILITY/PATH TRAVERSAL1 VULNERABILITY/PRIVILEGE-ESCALATION1 VULNERABILITY/RATE LIMIT BYPASS1 VULNERABILITY/REGEX DENIAL OF SERVICE3 VULNERABILITY/REMOTE-CODE-EXECUTION3 VULNERABILITY/SENSITIVE VARIABLE EXPOSURE1 VULNERABILITY/SERVER-SIDE REQUEST FORGERY2 VULNERABILITY/SERVER-SIDE REQUEST FORGERY (SSRF)1 VULNERABILITY/SQL-INJECTION2 VULNERABILITY/STORED XSS4 VULNERABILITY/VARIABLE SECRET EXPOSURE1 VULNERABILITY/VULNERABLE-DEPENDENCY6
[A~Z][0~9]
Octopus Deploy Security Advisories

Copyright   OCTOPUS DEPLOY SECURITY ADVISORIES. All Rights Reserved