Octopus: >> Octopus Server >> 2021.3.12920 Security Vulnerabilities
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-08-19
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-08-19
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-08-19
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-08-19
In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-07-19
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-07-15
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-07-15
Page 4