Vulnerabilities
Vulnerable Software
In affected versions of Octopus Deploy it is possible for a low-privileged guest user to interact with extension endpoints.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-08-02
In affected versions of Octopus Deploy it is possible to discover network details via an error message.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-05-18
In affected versions of Octopus Deploy it is possible to upload a zip bomb file as a task, which results in Denial of Service.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-10
In affected versions of Octopus Deploy it is possible to render user-supplied input into the webpage.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-04-19
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation.
CVSS Score
8.8
EPSS Score
0.004
Published
2023-03-16
In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-03-13
In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-03-13
In affected versions of Octopus Deploy it is possible to upload a zip bomb file as a task, which results in Denial of Service.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-02-22
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07; however, it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-01-31
In affected versions of Octopus Deploy, users of certain browsers using AD to sign in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect URL without any validation.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-01-03

