Shodan
Vulnerabilities
Vulnerable Software
Octopus:  >> Octopus Server  >> 3.0.10  Security Vulnerabilities
CVE-2026-3237
In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this vulnerability.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-03-17
CVE-2025-0539
In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-04-10
CVE-2024-4456
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.
CVSS Score
4.1
EPSS Score
0.003
Published
2024-05-08
CVE-2024-2975
A race condition was identified through which privilege escalation was possible in certain configurations.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-04-09
CVE-2022-4870
In affected versions of Octopus Deploy it is possible to discover network details via error message
CVSS Score
5.3
EPSS Score
0.002
Published
2023-05-18
CVE-2022-4008
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-10
CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
CVSS Score
5.3
EPSS Score
0.003
Published
2023-04-19
CVE-2022-2883
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
CVSS Score
7.5
EPSS Score
0.005
Published
2023-02-22
CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-10-27
CVE-2022-2782
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.
CVSS Score
9.1
EPSS Score
0.003
Published
2022-10-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved