Show filters
14 Total Results
Displaying 11-14 of 14
Sort by:
Attacker Value
Unknown

CVE-2024-4456

Disclosure Date: May 08, 2024 (last updated May 08, 2024)
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.
0
0
Attacker Value
Unknown

CVE-2024-4226

Disclosure Date: April 30, 2024 (last updated April 30, 2024)
It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
0
0
Attacker Value
Unknown

CVE-2023-4509

Disclosure Date: April 18, 2024 (last updated April 18, 2024)
It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt.
0
0
Attacker Value
Unknown

CVE-2024-2975

Disclosure Date: April 09, 2024 (last updated April 10, 2024)
A race condition was identified through which privilege escalation was possible in certain configurations.
0
0
View More Topics  < Previous