CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-2075
https://notcve.org/view.php?id=CVE-2022-2075
19 Aug 2022 — In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. En versiones afectadas de Octopus Deploy es posible llevar a cabo una denegación de servicio Regex dirigida a una comprobación de la petición de información de construcción. • https://advisories.octopus.com/post/2022/sa2022-12 •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-2074
https://notcve.org/view.php?id=CVE-2022-2074
19 Aug 2022 — In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. En versiones afectadas de Octopus Deploy es posible llevar a cabo una Denegación de Servicio Regex usando la Plantilla de Proyecto Variable. • https://advisories.octopus.com/post/2022/sa2022-11 •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-2049
https://notcve.org/view.php?id=CVE-2022-2049
19 Aug 2022 — In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. En versiones afectadas de Octopus Deploy es posible llevar a cabo una Denegación de Servicio Regex por medio de la función package upload. • https://advisories.octopus.com/post/2022/sa2022-10 •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-30532
https://notcve.org/view.php?id=CVE-2022-30532
19 Jul 2022 — In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. En las versiones afectadas de Octopus Deploy, no se presenta registro de los cambios en los artefactos dentro de Octopus Deploy. • https://advisories.octopus.com/post/2022/sa2022-08 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1670
https://notcve.org/view.php?id=CVE-2022-1670
19 May 2022 — When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users. Cuando es generado un código de invitación de usuario en Octopus Server, la comprobación de este código puede establecerse para un número específico de usuarios. Era posible omitir esta restricción de comprobación para crear cuentas de usuario adicionales p... • https://advisories.octopus.com/post/2022/sa2022-04 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16197
https://notcve.org/view.php?id=CVE-2020-16197
25 Aug 2020 — An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation. Se detectó un problema en Octopus Deploy versión 3.4. • https://github.com/OctopusDeploy/Issues/issues/6529 • CWE-295: Improper Certificate Validation •
CVSS: 6.3EPSS: 1%CPEs: 192EXPL: 0CVE-2017-11348
https://notcve.org/view.php?id=CVE-2017-11348
17 Jul 2017 — In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value. En Octopus Deploy versión 3.x anterior a 3.15.4, un usuario autenticado con permiso PackagePush para cargar paquetes podría cargar un paquete NuGet creado con fines maliciosos, sobrescribiendo potencialmente otros paquetes o modificando... • https://github.com/OctopusDeploy/Issues/issues/3654 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •