Vulnerabilities in Octopus Deploy
66 results

CVE-2021-31819 | — | In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already t | EPSS 2.3%
CVE-2022-2883 | HIGH | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | EPSS 1.0%
CVE-2021-31817 | — | When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written | EPSS 0.9%
CVE-2021-31816 | — | When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written | EPSS 0.9%
CVE-2022-2013 | — | In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new | EPSS 0.8%
CVE-2022-1670 | — | When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possib | EPSS 0.8%
CVE-2022-2074 | — | In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | EPSS 0.7%
CVE-2022-4009 | HIGH | In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation | EPSS 0.7%
CVE-2022-2572 | CRITICAL | In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys | EPSS 0.7%
CVE-2022-2778 | CRITICAL | In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | EPSS 0.7%
CVE-2022-2049 | — | In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. | EPSS 0.7%
CVE-2022-2075 | — | In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validatio | EPSS 0.7%
CVE-2021-31818 | — | Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied d | EPSS 0.6%
CVE-2021-31820 | — | In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in | EPSS 0.6%
CVE-2022-2721 | HIGH | In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plain | EPSS 0.6%
CVE-2022-3460 | HIGH | In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed | EPSS 0.6%
CVE-2022-23184 | — | In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redi | EPSS 0.6%
CVE-2022-2782 | CRITICAL | In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session | EPSS 0.5%
CVE-2022-2828 | MEDIUM | In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Referen | EPSS 0.5%
CVE-2022-2508 | MEDIUM | In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to | EPSS 0.5%