Every CVE whose affected-product data names Octopus Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2021-31816 — CVSS 7.5 (high): When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is…
CVE-2021-30183 — CVSS 7.5 (high): Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export…
CVE-2021-31817 — CVSS 7.5 (high): When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is…
CVE-2019-15507 — CVSS 6.5 (medium): In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited…
CVE-2019-15508 — CVSS 6.5 (medium): In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited…
CVE-2019-19085 — CVSS 5.4 (medium): A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to…
CVE-2020-16197 — CVSS 4.3 (medium): An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the…
CVE-2021-31818 — CVSS 4.3 (medium): Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied…
CVE-2022-1502 — CVSS 4.3 (medium): Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users…