Severity/Low | Octopus Deploy Security Advisories

Security Advisory 2024-08

Sep 11, 2024 · Vulnerability/Improper Restriction of Rendered UI Layers or Frames Severity/low CVSS/2.6

Insufficient Content Security Policy Configuration (CVE-2024-1656)
Read More
Security Advisory 2024-07

Aug 20, 2024 · Vulnerability/Insufficient Session Expiration Severity/low CVSS/2.6

Incorrect OIDC cookie expiration time (CVE-2024-7998)
Read More
Security Advisory 2024-05

Jul 24, 2024 · Vulnerability/Broken access control Severity/low CVSS/2.2

Access to failed project imports in restricted spaces. (CVE-2024-4811)
Read More
Security Advisory 2024-03

Apr 30, 2024 · Vulnerability/Information exposure Severity/low CVSS/3.5

Users with no permissions can see all users (CVE-2024-4226)
Read More
Security Advisory 2023-09

May 15, 2023 · Vulnerability/Server-Side Request Forgery Severity/low CVSS/3.5

Network discovery via error message detail (CVE-2022-4870)
Read More
Security Advisory 2023-07

Apr 26, 2023 · Vulnerability/Variable Secret Exposure Severity/low CVSS/3.8

Variable preview can unmask secrets (CVE-2023-2247)
Read More
Security Advisory 2023-06

Apr 19, 2023 · Vulnerability/Cross-Site Scripting (XSS) Severity/low CVSS/2.5

Weak Content Security Policy Header (CVE-2022-2507)
Read More
Security Advisory 2023-05

Mar 13, 2023 · Vulnerability/Improper Neutralisation of Special Elements used in a Command Severity/low CVSS/3.9

Command injection via offline package creation (CVE-2022-4009)
Read More
Security Advisory 2023-03

Mar 10, 2023 · Vulnerability/Incorrect Privilege Assignment Severity/low CVSS/3.1

Able to view tagsets without assigned permissions (CVE-2022-2258)
Read More
Security Advisory 2023-04

Mar 10, 2023 · Vulnerability/Incorrect Privilege Assignment Severity/low CVSS/3.1

Able to view workerpools without assigned permissions (CVE-2022-2259)
Read More
- 1
- 2