CPE Details
Octopus Server 2022.3.10750
2022.3.10750
2023-02-07
10h44 +00:00
10h44 +00:00
2023-03-01
18h50 +00:00
18h50 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:octopus:octopus_server:2022.3.10750:*:*:*:*:*:*:*
Informations
Vendor
octopusProduct
octopus_serverVersion
2022.3.10750Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. | 7.5 |
High |
||
| In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment. | 5.5 |
Medium |
||
| In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. | 5.5 |
Medium |
||
| In affected versions of Octopus Deploy it is possible to discover network details via error message | 5.3 |
Medium |
||
| In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | 5.5 |
Medium |
||
| In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage | 5.3 |
Medium |
||
| In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items | 4.3 |
Medium |
||
| In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items | 4.3 |
Medium |
||
| In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | 7.5 |
High |
2025©
tesweb SA
