NotCVE - vendor:"Octopus" product:"Octopus Server" version:" >= 2020.1.0 <= 2020.6.5449"

Page 2 of 30 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-4009

https://notcve.org/view.php?id=CVE-2022-4009

In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation • https://advisories.octopus.com/post/2023/sa2023-05 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-2259

https://notcve.org/view.php?id=CVE-2022-2259

In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items • https://advisories.octopus.com/post/2023/sa2023-04 •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-2258

https://notcve.org/view.php?id=CVE-2022-2258

In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items • https://advisories.octopus.com/post/2023/sa2023-03 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-2883

https://notcve.org/view.php?id=CVE-2022-2883

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service • https://advisories.octopus.com/post/2023/sa2023-02 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-4898

https://notcve.org/view.php?id=CVE-2022-4898

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS En las versiones afectadas de Octopus Server, la barra lateral de ayuda se puede personalizar para incluir un payload de Cross-Site Scripting en el enlace de soporte. Esto se resolvió inicialmente en el aviso 2022-07, sin embargo, se identificó que la solución podría omitirse en determinadas circunstancias. Se adoptó un enfoque diferente para evitar la posibilidad de que el enlace de soporte sea susceptible a XSS. • https://advisories.octopus.com/post/2022/sa2023-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4 5