Known Vulnerabilities for Octopus Deploy by Octopus
Listed below are 10 of the newest known vulnerabilities associated with "Octopus Deploy" by "Octopus".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-2247 json | In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function | 5.3 - MEDIUM | 2023-05-02 | 2023-12-14 |
| CVE-2022-23184 json | In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will ... | 6.1 - MEDIUM | 2022-02-07 | 2022-07-27 |
| CVE-2022-3614 json | In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass au... | 6.1 - MEDIUM | 2023-01-03 | 2023-03-23 |
| CVE-2022-3460 json | In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmask... | 7.5 - HIGH | 2023-01-03 | 2023-08-08 |
| CVE-2022-2013 json | In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental featur... | 7.5 - HIGH | 2022-06-13 | 2022-06-17 |
| CVE-2022-1670 json | When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users... | 7.5 - HIGH | 2022-05-19 | 2022-07-27 |
| CVE-2021-26556 json | When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unpri... | 7.8 - HIGH | 2021-10-07 | 2023-11-07 |
| CVE-2020-27155 json | An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacl... | 7.5 - HIGH | 2020-10-22 | 2020-10-30 |
| CVE-2020-26161 json | In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header. | 6.1 - MEDIUM | 2020-10-26 | 2022-06-03 |
| CVE-2020-25825 json | In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs. | 7.5 - HIGH | 2020-10-12 | 2020-10-26 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Octopus | Octopus Deploy | 4.1.9 | |||
| Application | Octopus | Octopus Deploy | 4.1.8 | |||
| Application | Octopus | Octopus Deploy | 4.1.7 | |||
| Application | Octopus | Octopus Deploy | 4.1.6 | |||
| Application | Octopus | Octopus Deploy | 4.1.5 | |||
| Application | Octopus | Octopus Deploy | 4.1.4 | |||
| Application | Octopus | Octopus Deploy | 4.1.3 | |||
| Application | Octopus | Octopus Deploy | 4.1.2 | |||
| Application | Octopus | Octopus Deploy | 4.1.10 | |||
| Application | Octopus | Octopus Deploy | 4.1.1 | |||
| Application | Octopus | Octopus Deploy | 4.1.0 | |||
| Application | Octopus | Octopus Deploy | 4.0.9 | |||
| Application | Octopus | Octopus Deploy | 4.0.8 | |||
| Application | Octopus | Octopus Deploy | 4.0.7 | |||
| Application | Octopus | Octopus Deploy | 4.0.6 | |||
| Application | Octopus | Octopus Deploy | 4.0.5 | |||
| Application | Octopus | Octopus Deploy | 4.0.4 | |||
| Application | Octopus | Octopus Deploy | 4.0.3 | |||
| Application | Octopus | Octopus Deploy | 4.0.2 | |||
| Application | Octopus | Octopus Deploy | 4.0.11 |