) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:octopus:octopus_server:2023.1.9788:*:*:*:*:*:*:*
- CPE Name Search: true
There are 5 matching records.
Displaying matches 1 through 5.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-1904 |
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. Published: December 14, 2023; 3:15:36 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-2416 |
In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment. Published: August 02, 2023; 2:15:10 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2022-2346 |
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. Published: August 01, 2023; 10:15:12 PM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2022-4870 |
In affected versions of Octopus Deploy it is possible to discover network details via error message Published: May 17, 2023; 8:15:09 PM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2022-2507 |
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage Published: April 19, 2023; 4:15:07 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |