CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2416
https://notcve.org/view.php?id=CVE-2022-2416
02 Aug 2023 — In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment. • https://advisories.octopus.com/post/2023/sa2023-11 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2346
https://notcve.org/view.php?id=CVE-2022-2346
02 Aug 2023 — In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. • https://advisories.octopus.com/post/2023/sa2023-10 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4870
https://notcve.org/view.php?id=CVE-2022-4870
18 May 2023 — In affected versions of Octopus Deploy it is possible to discover network details via error message • https://advisories.octopus.com/post/2023/sa2023-09 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4008
https://notcve.org/view.php?id=CVE-2022-4008
10 May 2023 — In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service • https://advisories.octopus.com/post/2023/sa2023-08 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2507
https://notcve.org/view.php?id=CVE-2022-2507
19 Apr 2023 — In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage • https://advisories.octopus.com/post/2023/sa2023-06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-4009
https://notcve.org/view.php?id=CVE-2022-4009
16 Mar 2023 — In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation • https://advisories.octopus.com/post/2023/sa2023-05 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2258
https://notcve.org/view.php?id=CVE-2022-2258
13 Mar 2023 — In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items • https://advisories.octopus.com/post/2023/sa2023-03 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2259
https://notcve.org/view.php?id=CVE-2022-2259
13 Mar 2023 — In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items • https://advisories.octopus.com/post/2023/sa2023-04 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2883
https://notcve.org/view.php?id=CVE-2022-2883
22 Feb 2023 — In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service • https://advisories.octopus.com/post/2023/sa2023-02 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3614
https://notcve.org/view.php?id=CVE-2022-3614
03 Jan 2023 — In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation. • https://advisories.octopus.com/post/2022/sa2022-26 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •