Octopus Deploy 2020.3

CPE Details

Octopus Deploy 2020.3
octopus
octopus_deploy
2020.3
2020-09-10
14h11 +00:00
2020-10-28
12h13 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:octopus:octopus_deploy:2020.3:*:*:*:*:*:*:*

Informations

Vendor

octopus

Product

octopus_deploy

Version

2020.3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-2247 2023-05-01 22h00 +00:00 In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function
5.3
Moyen
CVE-2021-26556 2021-10-06 23h00 +00:00 When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.
7.8
Haute
CVE-2020-26161 2020-10-26 16h29 +00:00 In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.
6.1
Moyen
CVE-2020-27155 2020-10-22 14h48 +00:00 An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one.
7.5
Haute
CVE-2020-25825 2020-10-12 14h09 +00:00 In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs.
7.5
Haute
CVE-2020-24566 2020-09-09 13h31 +00:00 In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then (under certain circumstances) the account password is exposed in cleartext in the verbose task logs output.
7.5
Haute