Octopus: >> Octopus Server >> 2022.3.5512 Security Vulnerabilities
In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token
CVSS Score
5.3
EPSS Score
0.002
Published
2022-10-06
In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-09-30
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-09-28
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-09-09
Page 4