Octopus Server vulnerabilities
64 known vulnerabilities affecting octopus/octopus_server.
Total CVEs: 64
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
CRITICAL 6, HIGH 18, MEDIUM 36, LOW 4
Vulnerabilities
Page 4 of 4
CVE-2024-4226 | P4 | LOW | CVSS 3.5 | CWE-276 | ≥ 2022.2.6729, < 2022.2.7934; ≥ 2022.3.348, < 2022.3.9163 | 2024-04-30
It was identified that, in certain versions of Octopus Server, a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
nvd
CVE-2024-4811 | P4 | LOW | CVSS 2.2 | CWE-863 | ≥ 2023.1.4189, < 2023.4.8608; ≥ 2024.1.437, < 2024.1.12759; +1 more | 2024-07-25
In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.
nvd
CVE-2024-1656 | P4 | LOW | CVSS 2.6 | ≥ 2018.1.0, < 2024.2.9193 | 2024-09-11
Affected versions of Octopus Server had a weak content security policy.
nvd
CVE-2024-7998 | P4 | LOW | CVSS 2.6 | CWE-613 | ≥ 2022.4.8332, < 2024.1.12931; ≥ 2024.2.101, < 2024.2.9313 | 2024-08-21
In affected versions of Octopus Server, OIDC cookies were using the wrong expiration time, which could result in them using the maximum lifespan.
nvd