Known Vulnerabilities
CVE-2024-4456
In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.
MEDIUM
CVSS 4.1
Published May 08, 2024
CVE-2022-4870
In affected versions of Octopus Deploy it is possible to discover network details via error message
UNKNOWN
CVSS 5.3
Published May 18, 2023
CVE-2022-2778
In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.
UNKNOWN
CVSS 9.8
Published Sep 30, 2022
CVE-2022-2528
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
UNKNOWN
Published Sep 09, 2022