Shodan
Vulnerabilities
Vulnerable Software
Octopus:  >> Octopus Server  Security Vulnerabilities
CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
CVSS Score
5.3
EPSS Score
0.002
Published
2023-04-19
CVE-2022-4009
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation
CVSS Score
8.8
EPSS Score
0.004
Published
2023-03-16
CVE-2022-2258
In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items
CVSS Score
4.3
EPSS Score
0.001
Published
2023-03-13
CVE-2022-2259
In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items
CVSS Score
4.3
EPSS Score
0.001
Published
2023-03-13
CVE-2022-2883
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
CVSS Score
7.5
EPSS Score
0.002
Published
2023-02-22
CVE-2022-4898
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS
CVSS Score
5.4
EPSS Score
0.0
Published
2023-01-31
CVE-2022-3614
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-01-03
CVE-2022-3460
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-01-03
CVE-2022-2721
In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-11-25
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-11-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved