Severity/High | Octopus Deploy Security Advisories

Security Advisory 2022-23

Nov 1, 2022 · Vulnerability/Broken access control Severity/high CVSS/7.3

Disabled/Deleted users API keys are still usable when access is revoked via an External Auth Provider (CVE-2022-2572)
Read More
Security Advisory 2022-20

Oct 14, 2022 · Vulnerability/Authentication Bypass by Capture-replay Severity/high CVSS/8.0

Git connection checker can initiate an SMB connection leading to NTLM relay attack (CVE-2022-2780)
Read More
Security Advisory 2022-11

Aug 19, 2022 · Vulnerability/Regex Denial of Service Severity/high CVSS/7.1

ReDoS in Variable Project Templates (CVE-2022-2074)
Read More
Security Advisory 2021-11

Nov 24, 2021 · Vulnerability/Local-Privilege-Escalation Severity/High

Local privilege escalation in Octopus Tentacle (CVE-2021-31822)
Read More
Security Advisory 2021-10

Sep 22, 2021 · Vulnerability/Remote-Code-Execution Severity/High

Remote Code Execution in Octopus Tentacle (CVE-2021-31819)
Read More
Security Advisory 2021-09

Sep 22, 2021 · Vulnerability/Remote-Code-Execution Severity/High

Remote Code Execution in Octopus Server (CVE-2021-31819)
Read More
Security Advisory 2021-08

Sep 22, 2021 · Vulnerability/Remote-Code-Execution Severity/High

Remote Code Execution via Deserialisation in the Halibut Protocol (CVE-2021-31819)
Read More
Security Advisory 2021-04

Jun 10, 2021 · Vulnerability/SQL-Injection Severity/high

SQL Injection in the Events REST API in Octopus Server (CVE-2021-31818)
Read More
Security Advisory 2021-02

Mar 10, 2021 · Vulnerability/Local-Privilege-Escalation Severity/high

Local privilege escalation in Octopus Tentacle (CVE-2021-26557)
Read More
Security Advisory 2021-01

Mar 10, 2021 · Vulnerability/Local-Privilege-Escalation Severity/High

Local privilege escalation in Octopus Server (CVE-2021-26556)
Read More