Octopus Deploy 2019.1.9

CPE Details

Octopus Deploy 2019.1.9
octopus
octopus_deploy
2019.1.9
2019-06-09
16h23 +00:00
2022-07-27
14h41 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:octopus:octopus_deploy:2019.1.9:*:*:*:*:*:*:*

Informations

Vendor

octopus

Product

octopus_deploy

Version

2019.1.9

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-2247 2023-05-01 22h00 +00:00 In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function
5.3
Medium
CVE-2022-23184 2022-02-07 01h35 +00:00 In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.
6.1
Medium
CVE-2021-26556 2021-10-06 23h00 +00:00 When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.
7.8
High
CVE-2020-27155 2020-10-22 14h48 +00:00 An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one.
7.5
High
CVE-2020-25825 2020-10-12 14h09 +00:00 In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs.
7.5
High
CVE-2020-14470 2020-06-19 12h48 +00:00 In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password.
6.5
Medium
CVE-2020-12286 2020-04-28 04h06 +00:00 In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped to any dimension. For example, a scoped user who is scoped to only one tenant can view server tasks scoped to any other tenant.
4.3
Medium
CVE-2020-10678 2020-03-19 13h31 +00:00 In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.
8.8
High
CVE-2019-19084 2019-11-18 14h36 +00:00 In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details.
4.3
Medium
CVE-2019-14268 2019-07-25 13h55 +00:00 In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user (in certain limited circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-ported to LTS 2019.6.5 as well as LTS 2019.3.7.
6.5
Medium
CVE-2019-11632 2019-05-01 11h07 +00:00 In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom User Roles and do not affect built in User Roles.)
8.1
High