Filter

Software

octopus octopus server
45
octopus octopus deploy
31
octopus server
9
octopus tentacle
4
octopus halibut
1

Octopus HalibutIn Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote …

critical
10
First published (updated )
CVE-2021-31819

Octopus Octopus ServerIn Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do n…

critical
9.8
First published (updated )
CVE-2018-11320

Octopus Octopus ServerIn affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null by…

critical
9.8
First published (updated )
CVE-2022-2778

Octopus Octopus ServerIn affected versions of Octopus Server where access is managed by an external authentication provide…

critical
9.8
First published (updated )
CVE-2022-2572

Octopus Octopus ServerIn affected versions of Octopus Server it is possible for a session token to be valid indefinitely d…

critical
9.1
First published (updated )
CVE-2022-2782

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Octopus Octopus ServerIn Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission t…

critical
9
First published (updated )
CVE-2018-18850

Octopus Octopus DeployIn Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to thei…

high
8.8
First published (updated )
CVE-2020-10678

Octopus Octopus DeployAn issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can m…

high
8.8
First published (updated )
CVE-2018-5706

Octopus Octopus DeployIn Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit p…

high
8.8
First published (updated )
CVE-2018-4862

Octopus Octopus DeployCVE-2017-17665

First published (updated )
CVE-2017-17665

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Octopus Octopus ServerCommand Injection

high
8.8
First published (updated )
CVE-2022-4009

Octopus Octopus DeployIn Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user wit…

high
8.1
First published (updated )
CVE-2019-11632

Octopus Octopus ServerIn affected versions of Octopus Server it is possible to use the Git Connectivity test function on t…

high
8.1
First published (updated )
CVE-2022-2780

Octopus TentacleWhen Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions…

high
7.8
First published (updated )
CVE-2021-31822

Octopus TentacleWhen Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly…

high
7.8
First published (updated )
CVE-2021-26557

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Octopus Octopus DeployWhen Octopus Server is installed using a custom folder location, folder ACLs are not set correctly a…

high
7.8
First published (updated )
CVE-2021-26556

Octopus ServerWhen configuring Octopus Server if it is configured with an external SQL database, on initial config…

high
7.5
First published (updated )
CVE-2021-31816

Octopus ServerWhen configuring Octopus Server if it is configured with an external SQL database, on initial config…

high
7.5
First published (updated )
CVE-2021-31817

Octopus Octopus DeployOctopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variab…

high
7.5
First published (updated )
CVE-2017-15609

Octopus Octopus DeployAn issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may a…

high
7.5
First published (updated )
CVE-2020-27155

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Octopus Octopus DeployIn Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in…

high
7.5
First published (updated )
CVE-2020-25825

Octopus Octopus ServerIn Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with …

high
7.5
First published (updated )
CVE-2021-31820

Octopus ServerCleartext storage of sensitive information in multiple versions of Octopus Server where in certain s…

high
7.5
First published (updated )
CVE-2021-30183

Octopus Octopus DeployIn Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user cr…

high
7.5
First published (updated )
CVE-2020-24566

Octopus Octopus ServerInfoleak

high
7.5
First published (updated )
CVE-2018-12089

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Octopus Octopus DeployIn Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against th…

high
7.5
First published (updated )
CVE-2018-10550

Octopus Octopus ServerWhen generating a user invitation code in Octopus Server, the validity of this code can be set for a…

high
7.5
First published (updated )
CVE-2022-1670

Octopus Octopus DeployIn Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled vi…

high
7.5
First published (updated )
CVE-2022-2013

Octopus Octopus ServerIn affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the p…

high
7.5
First published (updated )
CVE-2022-2049

Octopus Octopus ServerIn affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting…

high
7.5
First published (updated )
CVE-2022-2075

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203