Shodan
Vulnerabilities
Vulnerable Software
Octopus:  >> Octopus Server  >> 3.13.7  Security Vulnerabilities
CVE-2025-0539
In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-04-10
CVE-2024-4456
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.
CVSS Score
4.1
EPSS Score
0.002
Published
2024-05-08
CVE-2024-2975
A race condition was identified through which privilege escalation was possible in certain configurations.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-04-09
CVE-2022-4870
In affected versions of Octopus Deploy it is possible to discover network details via error message
CVSS Score
5.3
EPSS Score
0.002
Published
2023-05-18
CVE-2022-4008
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-10
CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
CVSS Score
5.3
EPSS Score
0.002
Published
2023-04-19
CVE-2022-4009
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation
CVSS Score
8.8
EPSS Score
0.004
Published
2023-03-16
CVE-2022-2883
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
CVSS Score
7.5
EPSS Score
0.002
Published
2023-02-22
CVE-2022-3614
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-01-03
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-11-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved