Octopus Server 3.2.4

CPE Details

Octopus Server 3.2.4
octopus
octopus_server
3.2.4
2022-07-27
12h50 +00:00
2022-07-27
13h17 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:octopus:octopus_server:3.2.4:*:*:*:*:*:*:*

Informations

Vendor

octopus

Product

octopus_server

Version

3.2.4

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-4870 2023-05-17 22h00 +00:00 In affected versions of Octopus Deploy it is possible to discover network details via error message
5.3
Moyen
CVE-2022-4008 2023-05-10 00h00 +00:00 In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
5.5
Moyen
CVE-2022-2507 2023-04-19 00h00 +00:00 In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
5.3
Moyen
CVE-2022-4009 2023-03-16 00h00 +00:00 In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation
8.8
Haute
CVE-2022-2883 2023-02-22 00h00 +00:00 In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
7.5
Haute
CVE-2022-2508 2022-10-26 22h00 +00:00 In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.
5.3
Moyen
CVE-2022-2782 2022-10-25 22h00 +00:00 In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.
9.1
Critique
CVE-2022-2778 2022-09-29 22h00 +00:00 In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.
9.8
Critique
CVE-2022-2528 2022-09-09 05h50 +00:00 In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
6.5
Moyen
CVE-2022-2075 2022-08-19 07h10 +00:00 In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
7.5
Haute
CVE-2022-2074 2022-08-19 07h00 +00:00 In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
7.5
Haute
CVE-2022-2049 2022-08-19 06h45 +00:00 In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
7.5
Haute
CVE-2022-30532 2022-07-19 04h50 +00:00 In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.
5.3
Moyen
CVE-2022-1670 2022-05-19 02h25 +00:00 When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users.
7.5
Haute
CVE-2017-11348 2017-07-16 22h00 +00:00 In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.
5.7
Moyen