Versions
2024.2.101
2019.7.0
2023.1.4189
2020.5.0
2019.7.3
2022.3.348
2024.1
2018.1.0
2021.1.1
2021.2.994
2018.3.1
2018.8.2
2022.1.0
2023.4.296
2022.1.1495
unspecified
2018.9
2018.3.0
2018.9.17
2022.1.2121
3.2.10
3.5
2024.2
3.0.19
2023.1.0
2022.2.5205
0.9
2019.4.0
3.16.4
2020.6.4671
3.12.0
2022.2.6729
2024.1.437
2022.4.791
3.5.1
2021.1.7149
3.0
2022.2.7897
2019.5.7
2023.1
2019.1.0
2022.4.8332
2023.2.0
Recent CVEs
CVE-2024-1656
Affected versions of Octopus Server had a weak content security policy.
CVE-2024-7998
In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan.
CVE-2024-6972
In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text.
CVE-2024-4811
In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.
CVE-2024-4456
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.
CVE-2023-4509
It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt.
CVE-2024-2975
A race condition was identified through which privilege escalation was possible in certain configurations.