Octopus: >> Octopus Server >> 3.13.0 Security Vulnerabilities
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-05-19
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.
CVSS Score
5.7
EPSS Score
0.006
Published
2017-07-17
Page 3