CVE-2020-16197
- EPSS 0.55%
- Veröffentlicht 25.08.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:54
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to...
CVE-2019-19085
- EPSS 0.62%
- Veröffentlicht 18.11.2019 16:15:12
- Zuletzt bearbeitet 21.11.2024 04:34:10
A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML.
CVE-2019-15507
- EPSS 0.63%
- Veröffentlicht 23.08.2019 06:15:10
- Zuletzt bearbeitet 21.11.2024 04:28:53
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployme...
CVE-2019-15508
- EPSS 0.66%
- Veröffentlicht 23.08.2019 06:15:10
- Zuletzt bearbeitet 21.11.2024 04:28:53
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deploymen...