Show filters
111 Total Results
Displaying 81-90 of 111
Sort by:
Attacker Value
Unknown
CVE-2018-11320
Disclosure Date: May 21, 2018 (last updated November 26, 2024)
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.
0
Attacker Value
Unknown
CVE-2018-10581
Disclosure Date: May 01, 2018 (last updated November 26, 2024)
In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple teams, where one of the Teams has the VariableEdit permission or VariableView permissions for the Environment.
0
Attacker Value
Unknown
CVE-2018-10550
Disclosure Date: April 30, 2018 (last updated November 26, 2024)
In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to.
0
Attacker Value
Unknown
CVE-2018-9039
Disclosure Date: March 27, 2018 (last updated November 26, 2024)
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.
0
Attacker Value
Unknown
CVE-2018-5469
Disclosure Date: March 06, 2018 (last updated November 26, 2024)
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has been identified, which may allow an attacker to brute force authentication.
0
Attacker Value
Unknown
CVE-2018-5471
Disclosure Date: March 06, 2018 (last updated November 26, 2024)
A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.
0
Attacker Value
Unknown
CVE-2018-5465
Disclosure Date: March 06, 2018 (last updated November 26, 2024)
A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions.
0
Attacker Value
Unknown
CVE-2018-5467
Disclosure Date: March 06, 2018 (last updated November 26, 2024)
An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user.
0
Attacker Value
Unknown
CVE-2018-5461
Disclosure Date: March 06, 2018 (last updated November 26, 2024)
An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.
0
Attacker Value
Unknown
CVE-2018-5706
Disclosure Date: January 16, 2018 (last updated November 26, 2024)
An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.
0