Vulnerabilities in Octopus Deploy

66 results
CVE-2025-0589 (MEDIUM, EPSS 0.3%): In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated
CVE-2024-12226 (MEDIUM, EPSS 0.3%): In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in cle
CVE-2026-0704 (MEDIUM, EPSS 0.3%): In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field
CVE-2025-0526 (LOW, EPSS 0.3%): In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field
CVE-2021-26557 (EPSS 0.3%): When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user
CVE-2024-4226 (LOW, EPSS 0.3%): It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and p
CVE-2025-0539 (MEDIUM, EPSS 0.3%): In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentic
CVE-2022-2346 (MEDIUM, EPSS 0.3%): In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.
CVE-2022-2416 (MEDIUM, EPSS 0.3%): In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an
CVE-2024-4456 (MEDIUM, EPSS 0.3%): In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.
CVE-2021-26556 (EPSS 0.3%): When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user us
CVE-2024-4811 (LOW, EPSS 0.2%): In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifac
CVE-2024-7998 (LOW, EPSS 0.2%): In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifesp
CVE-2024-1656 (LOW, EPSS 0.2%): Affected versions of Octopus Server had a weak content security policy.
CVE-2024-6972 (MEDIUM, EPSS 0.2%): In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in c
CVE-2023-4509 (MEDIUM, EPSS 0.2%): It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt.
CVE-2025-0513 (LOW, EPSS 0.2%): In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the
CVE-2022-2783 (EPSS 0.2%): In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token
CVE-2021-31822 (EPSS 0.2%): When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a
CVE-2026-4881 (MEDIUM, EPSS 0.2%): In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server