CVE-2022-4008
https://notcve.org/view.php?id=CVE-2022-4008
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service • https://advisories.octopus.com/post/2023/sa2023-08 • CWE-400: Uncontrolled Resource Consumption
CVE-2022-2507
https://notcve.org/view.php?id=CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user-supplied input into the webpage • https://advisories.octopus.com/post/2023/sa2023-06
CVE-2022-2883
https://notcve.org/view.php?id=CVE-2022-2883
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service • https://advisories.octopus.com/post/2023/sa2023-02 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2022-2508
https://notcve.org/view.php?id=CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. • https://advisories.octopus.com/post/2022/sa2022-22 • CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2022-2782
https://notcve.org/view.php?id=CVE-2022-2782
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. • https://advisories.octopus.com/post/2022/sa2022-21 • CWE-613: Insufficient Session Expiration