Shodan
Vulnerabilities
Vulnerable Software
Octopus:  >> Octopus Server  >> 2020.1.17  Security Vulnerabilities
CVE-2025-0539
In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-04-10
CVE-2025-0588
In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user could ensure that all subsequent server responses would return 500 errors rendering the site mostly unusable. The user would be able to subsequently set and unset the referrer header to control the denial of service state with a valid CSRF token whilst new CSRF tokens could not be generated.
CVSS Score
4.9
EPSS Score
0.001
Published
2025-02-11
CVE-2024-1656
Affected versions of Octopus Server had a weak content security policy.
CVSS Score
2.6
EPSS Score
0.001
Published
2024-09-11
CVE-2024-4456
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.
CVSS Score
4.1
EPSS Score
0.002
Published
2024-05-08
CVE-2023-4509
It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-04-18
CVE-2024-2975
A race condition was identified through which privilege escalation was possible in certain configurations.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-04-09
CVE-2022-2416
In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-08-02
CVE-2022-2346
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-08-02
CVE-2022-4870
In affected versions of Octopus Deploy it is possible to discover network details via error message
CVSS Score
5.3
EPSS Score
0.002
Published
2023-05-18
CVE-2022-4008
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved