Search Results | AttackerKB

100 Total Results

Displaying 31-40 of 100

Attacker Value

Unknown

CVE-2022-2782

Disclosure Date: October 27, 2022 (last updated December 22, 2024)

In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.

Attacker Value

Unknown

CVE-2022-2508

Disclosure Date: October 27, 2022 (last updated December 22, 2024)

In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2022-2780

Disclosure Date: October 14, 2022 (last updated October 08, 2023)

In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2022-2828

Disclosure Date: October 13, 2022 (last updated October 08, 2023)

In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2022-2720

Disclosure Date: October 12, 2022 (last updated October 08, 2023)

In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2022-2783

Disclosure Date: October 06, 2022 (last updated December 22, 2024)

In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2022-2781

Disclosure Date: October 06, 2022 (last updated December 22, 2024)

In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2022-2778

Disclosure Date: September 30, 2022 (last updated October 08, 2023)

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2022-2760

Disclosure Date: September 28, 2022 (last updated October 08, 2023)

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2022-2528

Disclosure Date: September 09, 2022 (last updated October 08, 2023)

In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.

Attack Vector: Network Privileges: Low User Interaction: None

100 Total Results

Displaying 31-40 of 100

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification