Octopus Deploy Security Advisories
Home
Advisories icon
2021 2022 2023 2024
Severity Levels
Disclosure Policy

  • Security Advisory 2024-06

    Jul 24, 2024 · Vulnerability/Information disclosure Severity/medium CVSS/6.5

    Sensitive Variables exposed in TaskLogs (CVE-2024-6972)

    Read More

  • Security Advisory 2024-04

    May 7, 2024 · Vulnerability/Stored XSS Severity/medium CVSS/4.1

    Stored XSS in Audit Page (CVE-2024-4456)

    Read More

  • Security Advisory 2024-02

    Apr 17, 2024 · Vulnerability/Information exposure Severity/medium CVSS/4.3

    2024-02 - API key disclosed in Octopus Server audit log.

    Read More

  • Security Advisory 2023-12

    Dec 12, 2023 · Vulnerability/Information exposure Severity/medium CVSS/4.2

    OpenID client secret logged in plain text during configuration (CVE-2023-1904)

    Read More

  • Security Advisory 2023-11

    Jul 27, 2023 · Vulnerability/Server-Side Request Forgery (SSRF) Severity/medium CVSS/5.5

    Blind SSRF vulnerability that allows enumeration/recon of an environment (CVE-2022-2416)

    Read More

  • Security Advisory 2023-10

    Jul 27, 2023 · Vulnerability/Incorrect Privilege Assignment Severity/medium CVSS/5.5

    Guest user with low permissions able to interact with extension endpoints (CVE-2022-2346)

    Read More

  • Security Advisory 2023-08

    May 10, 2023 · Vulnerability/Denial of Service Severity/medium CVSS/6.5

    Zipbomb resource exhaustion in Tentacle (CVE-2022-4008)

    Read More

  • Security Advisory 2023-02

    Feb 14, 2023 · Vulnerability/Denial of Service Severity/medium CVSS/6.5

    Zipbomb resource exhaustion in Octopus Server (CVE-2022-2883)

    Read More

  • Security Advisory 2023-01

    Jan 30, 2023 · Vulnerability/Stored XSS Severity/medium CVSS/6.8

    Stored Cross-Site Scripting (XSS) in Octopus Server help sidebar (CVE-2022-4898)

    Read More

  • Security Advisory 2022-25

    Dec 21, 2022 · Vulnerability/Exposure of Sensitive Information Through Environmental Variables Severity/medium CVSS/5.9

    Certain types of sensitive variables may be displayed as plain text in variable preview (CVE-2022-3460)

    Read More
    • ««
    • «
    • 1
    • 2
    • 3
    • 4
    • »
    • »»

Recent Security Advisories

  • Security Advisory 2024-09
  • Security Advisory 2024-08
  • Security Advisory 2024-07
  • Security Advisory 2024-06
  • Security Advisory 2024-05
  • Security Advisory 2024-04
  • Security Advisory 2024-03
  • Security Advisory 2024-02

Products

OCTOPUS SERVER 53 OCTOPUS TENTACLE 4 OCTOPUS DEPLOY TEAMCITY PLUGIN 3 OCTOPUS JAVA SDK 3 HALIBUT 1

Tags

SEVERITY/MEDIUM 32 SEVERITY/LOW 20 SEVERITY/HIGH 12 VULNERABILITY/INFORMATION EXPOSURE 7 VULNERABILITY/VULNERABLE-DEPENDENCY 6 CVSS/6.5 5 VULNERABILITY/BROKEN ACCESS CONTROL 5 VULNERABILITY/CLEAR-TEXT-STORAGE-OF-SENSITIVE-VALUE 5 CVSS/5.5 3 CVSS/5.7 3 CVSS/6.4 3 CVSS/6.8 3 VULNERABILITY/INCORRECT PRIVILEGE ASSIGNMENT 3 VULNERABILITY/LOCAL-PRIVILEGE-ESCALATION 3
All Tags
CVSS/2.22 CVSS/2.41 CVSS/2.51 CVSS/2.62 CVSS/3.01 CVSS/3.12 CVSS/3.41 CVSS/3.52 CVSS/3.61 CVSS/3.81 CVSS/3.91 CVSS/4.12 CVSS/4.21 CVSS/4.32 CVSS/5.31 CVSS/5.41 CVSS/5.53 CVSS/5.73 CVSS/5.91 CVSS/6.32 CVSS/6.43 CVSS/6.55 CVSS/6.83 CVSS/7.11 CVSS/7.31 CVSS/8.01 CVSS/8.71 CVSS/8.81 SEVERITY/HIGH12 SEVERITY/LOW20 SEVERITY/MEDIUM32 VULNERABILITY/ABNORMAL INVITE CODE FUNCTIONALITY1 VULNERABILITY/AUTHENTICATION BYPASS BY CAPTURE-REPLAY1 VULNERABILITY/AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL1 VULNERABILITY/BROKEN ACCESS CONTROL5 VULNERABILITY/CLEAR-TEXT-STORAGE-OF-SENSITIVE-VALUE5 VULNERABILITY/CROSS-SITE SCRIPTING (XSS)1 VULNERABILITY/CSRF1 VULNERABILITY/DENIAL OF SERVICE2 VULNERABILITY/ENCRYPTION1 VULNERABILITY/EXPOSURE OF SENSITIVE INFORMATION THROUGH ENVIRONMENTAL VARIABLES1 VULNERABILITY/IMPROPER NEUTRALISATION OF SPECIAL ELEMENTS USED IN A COMMAND1 VULNERABILITY/IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES1 VULNERABILITY/INCORRECT PRIVILEGE ASSIGNMENT3 VULNERABILITY/INFORMATION DISCLOSURE1 VULNERABILITY/INFORMATION EXPOSURE7 VULNERABILITY/INSECURE DIRECT OBJECT REFERENCE (IDOR)1 VULNERABILITY/INSERTION OF SENSITIVE INFORMATION INTO LOG FILE1 VULNERABILITY/INSUFFICIENT SESSION EXPIRATION2 VULNERABILITY/LOCAL-PRIVILEGE-ESCALATION3 VULNERABILITY/LOGGING1 VULNERABILITY/OPEN-REDIRECT1 VULNERABILITY/PRIVILEGE-ESCALATION1 VULNERABILITY/RATE LIMIT BYPASS1 VULNERABILITY/REGEX DENIAL OF SERVICE3 VULNERABILITY/REMOTE-CODE-EXECUTION3 VULNERABILITY/SENSITIVE VARIABLE EXPOSURE1 VULNERABILITY/SERVER-SIDE REQUEST FORGERY1 VULNERABILITY/SERVER-SIDE REQUEST FORGERY (SSRF)1 VULNERABILITY/SQL-INJECTION2 VULNERABILITY/STORED XSS3 VULNERABILITY/VARIABLE SECRET EXPOSURE1 VULNERABILITY/VULNERABLE-DEPENDENCY6
[A~Z][0~9]
Octopus Deploy Security Advisories

Copyright   OCTOPUS DEPLOY SECURITY ADVISORIES. All Rights Reserved