CVE-2023-2247
https://notcve.org/view.php?id=CVE-2023-2247
In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function • https://advisories.octopus.com/post/2023/sa2023-07 •
CVE-2022-2013
https://notcve.org/view.php?id=CVE-2022-2013
In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space. Octopus Server después de la versión 2022.1.1495 y versiones anteriores a 2022.1.2647, si los espacios privados fueron habilitados por medio del flag de funcionalidades experimentales todos los nuevos usuarios tendrían acceso a la Consola de Script dentro de su espacio privado • https://advisories.octopus.com/post/2022/sa2022-05 •