Filter
AND

Versions

3.17.6
3
0.9
2
2019.6.0
2
2019.9.0
2
3.4.0
2
3.7.0
2
2.0
1
2018.1.0
1
2018.10.0
1
2018.10.1
1
2018.10.2
1
2018.10.3
1
2018.3.0
1
2018.8.0
1
2018.9.17
1
2019.1.0
1
2019.10.4
1
2019.3.1
1
2019.4.0
1
2019.7.2
1
2019.8.2
1
2020.1
1
2020.1.1
1
2020.3
1
2020.4.0
1
2020.4.2
1
2020.4.4
1
2022.1.1495
1
2022.4.0
1
3.0
1
3.0.19
1
3.1.0
1
3.11.13
1
3.13.6
1
3.17.3
1
3.2.11
1
3.3.0
1
3.6.0
1
4.1.10
1
4.1.5
1

Octopus Octopus DeployIn Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to thei…

high
8.8
First published (updated )
CVE-2020-10678

Octopus Octopus DeployAn issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can m…

high
8.8
First published (updated )
CVE-2018-5706

Octopus Octopus DeployIn Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit p…

high
8.8
First published (updated )
CVE-2018-4862

Octopus Octopus DeployCVE-2017-17665

First published (updated )
CVE-2017-17665

Octopus Octopus DeployIn Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user wit…

high
8.1
First published (updated )
CVE-2019-11632

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Octopus Octopus DeployWhen Octopus Server is installed using a custom folder location, folder ACLs are not set correctly a…

high
7.8
First published (updated )
CVE-2021-26556

Octopus Octopus DeployOctopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variab…

high
7.5
First published (updated )
CVE-2017-15609

Octopus Octopus DeployAn issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may a…

high
7.5
First published (updated )
CVE-2020-27155

Octopus Octopus DeployIn Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in…

high
7.5
First published (updated )
CVE-2020-25825

Octopus Octopus DeployIn Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user cr…

high
7.5
First published (updated )
CVE-2020-24566

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Octopus Octopus DeployIn Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against th…

high
7.5
First published (updated )
CVE-2018-10550

Octopus Octopus DeployIn Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled vi…

high
7.5
First published (updated )
CVE-2022-2013

Octopus Octopus DeployInput Validation, Null Pointer Dereference

medium
6.5
First published (updated )
CVE-2019-19376

Octopus Octopus DeployIn Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger…

medium
6.5
First published (updated )
CVE-2020-14470

Octopus Octopus DeployIn Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authentica…

medium
6.5
First published (updated )
CVE-2019-14268

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Octopus Octopus DeployAn Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (an…

medium
6.5
First published (updated )
CVE-2019-8944

Octopus Octopus DeployIn Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite …

medium
6.5
First published (updated )
CVE-2017-15611

Octopus Octopus DeployInfoleak

medium
6.5
First published (updated )
CVE-2017-15610

Octopus Octopus DeployIn Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions ma…

medium
6.5
First published (updated )
CVE-2018-12884

Octopus Octopus DeployIn Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissio…

medium
6.5
First published (updated )
CVE-2018-9039

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Octopus Octopus ServerPath Traversal

medium
6.3
First published (updated )
CVE-2017-11348

Octopus Octopus DeployIn Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modif…

medium
6.1
First published (updated )
CVE-2020-26161

Octopus Octopus DeployIn affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localh…

medium
6.1
First published (updated )
CVE-2022-23184

Octopus Octopus DeployInfoleak

medium
5.5
First published (updated )
CVE-2018-10581

Octopus Octopus DeployXSS

medium
5.4
First published (updated )
CVE-2017-16801

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Octopus Octopus DeployXSS

medium
5.4
First published (updated )
CVE-2017-16810

Octopus Octopus DeployIn affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable …

medium
5.3
First published (updated )
CVE-2023-2247

Octopus Octopus DeployCSRF

medium
5.3
First published (updated )
CVE-2019-19375

Octopus Octopus DeployIn Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authen…

medium
4.9
First published (updated )
CVE-2019-14525

Octopus Octopus DeployIn Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped …

medium
4.3
First published (updated )
CVE-2020-12286

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203