CVE-2023-1904
https://notcve.org/view.php?id=CVE-2023-1904
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. En las versiones afectadas de Octopus Server, es posible que el secreto del cliente OpenID se registre en texto plano durante la configuración de Octopus Server. • https://advisories.octopus.com/post/2023/sa2023-12 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-2416
https://notcve.org/view.php?id=CVE-2022-2416
In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment. • https://advisories.octopus.com/post/2023/sa2023-11 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-2346
https://notcve.org/view.php?id=CVE-2022-2346
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. • https://advisories.octopus.com/post/2023/sa2023-10 •
CVE-2022-4870
https://notcve.org/view.php?id=CVE-2022-4870
In affected versions of Octopus Deploy it is possible to discover network details via error message • https://advisories.octopus.com/post/2023/sa2023-09 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2022-2507
https://notcve.org/view.php?id=CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage • https://advisories.octopus.com/post/2023/sa2023-06 •