Known Vulnerabilities for products from Octopus

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Octopus".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-31822 When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This ... 7.8 - HIGH 2021-11-24 2021-11-29
CVE-2021-31821 When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes... Not Provided 2022-01-19 2022-01-19
CVE-2021-31820 In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the passw... 7.5 - HIGH 2021-08-18 2021-08-25
CVE-2021-31819 In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems... 9.8 - CRITICAL 2021-09-22 2021-09-29
CVE-2021-31818 Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because ... 4.3 - MEDIUM 2021-06-17 2021-06-21
CVE-2021-31817 When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database pass... 7.5 - HIGH 2021-07-08 2021-07-12
CVE-2021-31816 When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database pass... 7.5 - HIGH 2021-07-08 2021-07-12
CVE-2021-30183 Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running im... 7.5 - HIGH 2021-05-14 2021-05-25
CVE-2021-26557 When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unp... 7.8 - HIGH 2021-10-07 2021-10-15
CVE-2021-26556 When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unpri... 7.8 - HIGH 2021-10-07 2021-10-15
CVE-2021-21270 OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and T... 5.5 - MEDIUM 2021-01-22 2021-02-01
CVE-2020-27155 An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacl... 7.5 - HIGH 2020-10-22 2020-10-30
CVE-2020-26161 In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header. 6.1 - MEDIUM 2020-10-26 2020-11-09
CVE-2020-25825 In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs. 7.5 - HIGH 2020-10-12 2020-10-26
CVE-2020-24566 In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or run... 7.5 - HIGH 2020-09-09 2020-09-10
CVE-2020-16197 An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is o... 4.3 - MEDIUM 2020-08-25 2020-08-31
CVE-2020-14470 In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks ... 6.5 - MEDIUM 2020-06-19 2021-07-21
CVE-2020-12286 In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped to any dimension. For exa... 4.3 - MEDIUM 2020-04-28 2021-07-21
CVE-2020-10678 In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an auth... 8.8 - HIGH 2020-03-19 2021-07-21
CVE-2019-19376 In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request th... 6.5 - MEDIUM 2019-11-28 2021-07-21

Known software with vulnerabilities from Octopus

Type Vendor Product Version
ApplicationOctopusOctopus Deploy0.9
ApplicationOctopusOctopusdsc2.0.103
ApplicationOctopusServer-
Trademarks for Octopus obtained from uspto.report
Mark Image Details
PYTHEAS SOFTWARE & SERVICES
"PYTHEAS SOFTWARE & SERVICES"
2545553 75464622
1998-04-08

Popular searches for "Octopus"

Octopus

Octopus The octopus is a soft-bodied, eight-limbed mollusc of the order Octopoda. Around 300 species are recognised, and the order is grouped within the class Cephalopoda with squids, cuttlefish, and nautiloids. Like other cephalopods, the octopus is bilaterally symmetric with two eyes and a beak, with its mouth at the center point of the eight limbs. The soft body can rapidly alter its shape, enabling octopuses to squeeze through small gaps. They trail their eight appendages behind them as they swim. Wikipedia

Octopus

Octopus Octopus is a 414-foot megayacht owned by the Jody Allen-controlled estate of the late Paul Allen. It is one of the world's largest yachts. Launched in 2003 at a cost of $200 million, Octopus is a private vessel that has been lent out for exploration projects, scientific research initiatives and rescue missions. Wikipedia

© CVE.report 2022 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report