31 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment. • https://advisories.octopus.com/post/2023/sa2023-11 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. • https://advisories.octopus.com/post/2023/sa2023-10 •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

In affected versions of Octopus Deploy it is possible to discover network details via error message • https://advisories.octopus.com/post/2023/sa2023-09 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service • https://advisories.octopus.com/post/2023/sa2023-08 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage • https://advisories.octopus.com/post/2023/sa2023-06 •