CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2258
https://notcve.org/view.php?id=CVE-2022-2258
In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items • https://advisories.octopus.com/post/2023/sa2023-03 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2883
https://notcve.org/view.php?id=CVE-2022-2883
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service • https://advisories.octopus.com/post/2023/sa2023-02 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3614
https://notcve.org/view.php?id=CVE-2022-3614
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation. • https://advisories.octopus.com/post/2022/sa2022-26 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3460
https://notcve.org/view.php?id=CVE-2022-3460
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview. • https://advisories.octopus.com/post/2022/sa2022-25 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2572
https://notcve.org/view.php?id=CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. En las versiones afectadas de Octopus Server donde el acceso es administrado por un proveedor de autenticación externo, era posible que la/las claves API de un usuario deshabilitado/eliminado aún fueran válidas después de que se revocara el acceso. • https://advisories.octopus.com/post/2022/sa2022-23 • CWE-287: Improper Authentication •