CVE-2022-2507
https://notcve.org/view.php?id=CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage • https://advisories.octopus.com/post/2023/sa2023-06 •
CVE-2022-4009
https://notcve.org/view.php?id=CVE-2022-4009
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation • https://advisories.octopus.com/post/2023/sa2023-05 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-2259
https://notcve.org/view.php?id=CVE-2022-2259
In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items • https://advisories.octopus.com/post/2023/sa2023-04 •
CVE-2022-2258
https://notcve.org/view.php?id=CVE-2022-2258
In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items • https://advisories.octopus.com/post/2023/sa2023-03 •
CVE-2022-2883
https://notcve.org/view.php?id=CVE-2022-2883
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service • https://advisories.octopus.com/post/2023/sa2023-02 • CWE-434: Unrestricted Upload of File with Dangerous Type •