Show filters
111 Total Results
Displaying 41-50 of 111
Sort by:
Attacker Value
Unknown

CVE-2022-2783

Disclosure Date: October 06, 2022 (last updated February 24, 2025)
In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-2781

Disclosure Date: October 06, 2022 (last updated February 24, 2025)
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-2778

Disclosure Date: September 30, 2022 (last updated February 24, 2025)
In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-2760

Disclosure Date: September 28, 2022 (last updated February 24, 2025)
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-2528

Disclosure Date: September 09, 2022 (last updated February 24, 2025)
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-2075

Disclosure Date: August 19, 2022 (last updated October 08, 2023)
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-2074

Disclosure Date: August 19, 2022 (last updated October 08, 2023)
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-2049

Disclosure Date: August 19, 2022 (last updated October 08, 2023)
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-1901

Disclosure Date: August 19, 2022 (last updated February 24, 2025)
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-30532

Disclosure Date: July 19, 2022 (last updated October 07, 2023)
In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >