Severity/Medium | Octopus Deploy Security Advisories

Security Advisory 2023-01

Jan 30, 2023 · Vulnerability/Stored XSS Severity/medium CVSS/6.8

Stored Cross-Site Scripting (XSS) in Octopus Server help sidebar (CVE-2022-4898)
Read More
Security Advisory 2022-25

Dec 21, 2022 · Vulnerability/Exposure of Sensitive Information Through Environmental Variables Severity/medium CVSS/5.9

Certain types of sensitive variables may be displayed as plain text in variable preview (CVE-2022-3460)
Read More
Security Advisory 2022-24

Nov 25, 2022 · Vulnerability/Insertion of Sensitive Information into Log File Severity/medium CVSS/4.1

Target Discovery prints certain sensitive values in plain-text when verbose logging is enabled (CVE-2022-2721)
Read More
Security Advisory 2022-21

Oct 25, 2022 · Vulnerability/Insufficient Session Expiration Severity/medium CVSS/5.7

Session cookie date isn't validated against server policy (CVE-2022-2782)
Read More
Security Advisory 2022-19

Oct 13, 2022 · Vulnerability/Information exposure Severity/medium CVSS/5.7

User without team permission can obtain teams along with its members, description and permissions associated through API request (CVE-2022-2828)
Read More
Security Advisory 2022-18

Oct 11, 2022 · Vulnerability/Information exposure Severity/medium CVSS/5.4

Sensitive value will only be partially masked when certain substrings exist in the set (CVE-2022-2720)
Read More
Security Advisory 2022-17

Oct 6, 2022 · Vulnerability/CSRF Severity/medium CVSS/6.3

Session cookie can be used as the CSRF token (CVE-2022-2783)
Read More
Security Advisory 2022-16

Oct 5, 2022 · Vulnerability/Encryption Severity/medium CVSS/5.5

Encrypted variables and session cookies use the same encryption process (CVE-2022-2781)
Read More
Security Advisory 2022-13

Sep 9, 2022 · Vulnerability/Broken access control Severity/medium CVSS/6.4

Service Account with FeedView permission can upload to built-in feed after re-indexing packages (CVE-2022-2528)
Read More
Security Advisory 2022-12

Aug 19, 2022 · Vulnerability/Regex Denial of Service Severity/medium CVSS/6.5

ReDoS in Build Information request (CVE-2022-2075)
Read More
- 1
- 2
- 3
- 4