CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2022-2074
https://notcve.org/view.php?id=CVE-2022-2074
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. En versiones afectadas de Octopus Deploy es posible llevar a cabo una Denegación de Servicio Regex usando la Plantilla de Proyecto Variable. • https://advisories.octopus.com/post/2022/sa2022-11 •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2022-2049
https://notcve.org/view.php?id=CVE-2022-2049
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. En versiones afectadas de Octopus Deploy es posible llevar a cabo una Denegación de Servicio Regex por medio de la función package upload. • https://advisories.octopus.com/post/2022/sa2022-10 •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-30532
https://notcve.org/view.php?id=CVE-2022-30532
In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. En las versiones afectadas de Octopus Deploy, no se presenta registro de los cambios en los artefactos dentro de Octopus Deploy. • https://advisories.octopus.com/post/2022/sa2022-08 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1670
https://notcve.org/view.php?id=CVE-2022-1670
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users. Cuando es generado un código de invitación de usuario en Octopus Server, la comprobación de este código puede establecerse para un número específico de usuarios. Era posible omitir esta restricción de comprobación para crear cuentas de usuario adicionales por encima del número inicial de usuarios invitados • https://advisories.octopus.com/post/2022/sa2022-04 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16197
https://notcve.org/view.php?id=CVE-2020-16197
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation. Se detectó un problema en Octopus Deploy versión 3.4. • https://github.com/OctopusDeploy/Issues/issues/6529 https://github.com/OctopusDeploy/Issues/issues/6530 https://github.com/OctopusDeploy/Issues/issues/6531 • CWE-295: Improper Certificate Validation •