Vulnerabilities in Octopus Deploy

66 results
- CVE-2022-2780 (HIGH): In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB reques (EPSS 0.5%)
- CVE-2022-2258 (MEDIUM): In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these (EPSS 0.5%)
- CVE-2022-1502: Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users wi (EPSS 0.5%)
- CVE-2022-1881: In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download (EPSS 0.5%)
- CVE-2022-1901: In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. (EPSS 0.5%)
- CVE-2022-4870 (MEDIUM): In affected versions of Octopus Deploy it is possible to discover network details via error message (EPSS 0.4%)
- CVE-2022-2720 (MEDIUM): In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value maskin (EPSS 0.4%)
- CVE-2023-2247: In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function (EPSS 0.4%)
- CVE-2022-30532: In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. (EPSS 0.4%)
- CVE-2022-2760 (MEDIUM): In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an erro (EPSS 0.4%)
- CVE-2022-2259 (MEDIUM): In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view t (EPSS 0.4%)
- CVE-2022-2528: In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing p (EPSS 0.4%)
- CVE-2022-2507 (MEDIUM): In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage (EPSS 0.4%)
- CVE-2022-3614 (MEDIUM): In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication ch (EPSS 0.4%)
- CVE-2025-0588 (MEDIUM): In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By s (EPSS 0.4%)
- CVE-2022-29890: In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. (EPSS 0.4%)
- CVE-2024-2975 (HIGH): A race condition was identified through which privilege escalation was possible in certain configurations. (EPSS 0.4%)
- CVE-2022-4898 (MEDIUM): In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. Thi (EPSS 0.4%)
- CVE-2023-1904 (MEDIUM): In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Oc (EPSS 0.4%)
- CVE-2025-0525 (LOW): In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could (EPSS 0.3%)