Octopus: >> Octopus Server >> 0.9.620.3 Security Vulnerabilities
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-10
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
CVSS Score
5.3
EPSS Score
0.002
Published
2023-04-19
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
CVSS Score
7.5
EPSS Score
0.002
Published
2023-02-22
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-10-27
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.
CVSS Score
9.1
EPSS Score
0.001
Published
2022-10-27
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-08-19
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-08-19
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-08-19
In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-07-19
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-05-19
Page 1