Octopus Deploy Security Advisories
Home
Advisories icon
2021 2022 2023
Severity Levels
Disclosure Policy

  • Security Advisory 2022-23

    Nov 1, 2022 · Vulnerability/Broken access control Severity/high CVSS/7.3

    Disabled/Deleted users API keys are still usable when access is revoked via an External Auth Provider (CVE-2022-2572)

    Read More

  • Security Advisory 2022-20

    Oct 14, 2022 · Vulnerability/Authentication Bypass by Capture-replay Severity/high CVSS/8.0

    Git connection checker can initiate an SMB connection leading to NTLM relay attack (CVE-2022-2780)

    Read More

  • Security Advisory 2022-11

    Aug 19, 2022 · Vulnerability/Regex Denial of Service Severity/high CVSS/7.1

    ReDoS in Variable Project Templates (CVE-2022-2074)

    Read More

  • Security Advisory 2021-11

    Nov 24, 2021 · Vulnerability/Local-Privilege-Escalation Severity/High

    Local privilege escalation in Octopus Tentacle (CVE-2021-31822)

    Read More

  • Security Advisory 2021-10

    Sep 22, 2021 · Vulnerability/Remote-Code-Execution Severity/High

    Remote Code Execution in Octopus Tentacle (CVE-2021-31819)

    Read More

  • Security Advisory 2021-09

    Sep 22, 2021 · Vulnerability/Remote-Code-Execution Severity/High

    Remote Code Execution in Octopus Server (CVE-2021-31819)

    Read More

  • Security Advisory 2021-08

    Sep 22, 2021 · Vulnerability/Remote-Code-Execution Severity/High

    Remote Code Execution via Deserialisation in the Halibut Protocol (CVE-2021-31819)

    Read More

  • Security Advisory 2021-04

    Jun 10, 2021 · Vulnerability/SQL-Injection Severity/high

    SQL Injection in the Events REST API in Octopus Server (CVE-2021-31818)

    Read More

  • Security Advisory 2021-02

    Mar 10, 2021 · Vulnerability/Local-Privilege-Escalation Severity/high

    Local privilege escalation in Octopus Tentacle (CVE-2021-26557)

    Read More

  • Security Advisory 2021-01

    Mar 10, 2021 · Vulnerability/Local-Privilege-Escalation Severity/High

    Local privilege escalation in Octopus Server (CVE-2021-26556)

    Read More

Recent Security Advisories

  • Security Advisory 2023-11
  • Security Advisory 2023-10
  • Security Advisory 2023-09
  • Security Advisory 2023-08
  • Security Advisory 2023-07
  • Security Advisory 2023-06
  • Security Advisory 2023-05
  • Security Advisory 2023-03

Products

OCTOPUS-SERVER 43 OCTOPUS-TENTACLE 4 OCTOPUS-DEPLOY-TEAMCITY-PLUGIN 3 OCTOPUS-JAVA-SDK 3 HALIBUT 1

Tags

SEVERITY/MEDIUM 28 SEVERITY/LOW 16 SEVERITY/HIGH 10 VULNERABILITY/VULNERABLE-DEPENDENCY 6 VULNERABILITY/CLEAR-TEXT-STORAGE-OF-SENSITIVE-VALUE 5 CVSS/6.5 4 VULNERABILITY/BROKEN-ACCESS-CONTROL 4 VULNERABILITY/INFORMATION-EXPOSURE 4 CVSS/5.5 3 CVSS/5.7 3 CVSS/6.4 3 CVSS/6.8 3 VULNERABILITY/INCORRECT-PRIVILEGE-ASSIGNMENT 3 VULNERABILITY/LOCAL-PRIVILEGE-ESCALATION 3
All Tags
CVSS/2.21 CVSS/2.41 CVSS/2.51 CVSS/3.01 CVSS/3.12 CVSS/3.41 CVSS/3.51 CVSS/3.61 CVSS/3.81 CVSS/3.91 CVSS/4.11 CVSS/4.31 CVSS/5.31 CVSS/5.41 CVSS/5.53 CVSS/5.73 CVSS/5.91 CVSS/6.32 CVSS/6.43 CVSS/6.54 CVSS/6.83 CVSS/7.11 CVSS/7.31 CVSS/8.01 SEVERITY/HIGH10 SEVERITY/LOW16 SEVERITY/MEDIUM28 VULNERABILITY/ABNORMAL-INVITE-CODE-FUNCTIONALITY1 VULNERABILITY/AUTHENTICATION-BYPASS-BY-CAPTURE-REPLAY1 VULNERABILITY/AUTHENTICATION-BYPASS-USING-AN-ALTERNATE-PATH-OR-CHANNEL1 VULNERABILITY/BROKEN-ACCESS-CONTROL4 VULNERABILITY/CLEAR-TEXT-STORAGE-OF-SENSITIVE-VALUE5 VULNERABILITY/CROSS-SITE-SCRIPTING-XSS1 VULNERABILITY/CSRF1 VULNERABILITY/DENIAL-OF-SERVICE2 VULNERABILITY/ENCRYPTION1 VULNERABILITY/EXPOSURE-OF-SENSITIVE-INFORMATION-THROUGH-ENVIRONMENTAL-VARIABLES1 VULNERABILITY/IMPROPER-NEUTRALISATION-OF-SPECIAL-ELEMENTS-USED-IN-A-COMMAND1 VULNERABILITY/INCORRECT-PRIVILEGE-ASSIGNMENT3 VULNERABILITY/INFORMATION-EXPOSURE4 VULNERABILITY/INSECURE-DIRECT-OBJECT-REFERENCE-IDOR1 VULNERABILITY/INSERTION-OF-SENSITIVE-INFORMATION-INTO-LOG-FILE1 VULNERABILITY/INSUFFICIENT-SESSION-EXPIRATION1 VULNERABILITY/LOCAL-PRIVILEGE-ESCALATION3 VULNERABILITY/LOGGING1 VULNERABILITY/OPEN-REDIRECT1 VULNERABILITY/RATE-LIMIT-BYPASS1 VULNERABILITY/REGEX-DENIAL-OF-SERVICE3 VULNERABILITY/REMOTE-CODE-EXECUTION3 VULNERABILITY/SENSITIVE-VARIABLE-EXPOSURE1 VULNERABILITY/SERVER-SIDE-REQUEST-FORGERY1 VULNERABILITY/SERVER-SIDE-REQUEST-FORGERY-SSRF1 VULNERABILITY/SQL-INJECTION1 VULNERABILITY/STORED-XSS2 VULNERABILITY/VARIABLE-SECRET-EXPOSURE1 VULNERABILITY/VULNERABLE-DEPENDENCY6
[A~Z][0~9]
Octopus Deploy Security Advisories

Copyright   OCTOPUS DEPLOY SECURITY ADVISORIES. All Rights Reserved