cvebase

Octopus Server vulnerabilities

64 known vulnerabilities affecting octopus/octopus_server.

Total CVEs: 64
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 18, MEDIUM 36, LOW 4

Vulnerabilities

Page 4 of 4
CVE-2024-4226 | P4 | LOW | CVSS 3.5 | ≥ 2022.2.6729, < 2022.2.7934; ≥ 2022.3.348, < 2022.3.9163 | 2024-04-30
CVE-2024-4226 [LOW] CWE-276: It was identified that in certain versions of Octopus Server, a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
nvd
CVE-2024-4811 | P4 | LOW | CVSS 2.2 | ≥ 2023.1.4189, < 2023.4.8608; ≥ 2024.1.437, < 2024.1.12759; +1 more | 2024-07-25
CVE-2024-4811 [LOW] CWE-863: In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.
nvd
CVE-2024-1656 | P4 | LOW | CVSS 2.6 | ≥ 2018.1.0, < 2024.2.9193 | 2024-09-11
CVE-2024-1656 [LOW]: Affected versions of Octopus Server had a weak content security policy.
nvd
CVE-2024-7998 | P4 | LOW | CVSS 2.6 | ≥ 2022.4.8332, < 2024.1.12931; ≥ 2024.2.101, < 2024.2.9313 | 2024-08-21
CVE-2024-7998 [LOW] CWE-613: In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan.
nvd