Shodan
Vulnerabilities
Vulnerable Software
Octopus:  >> Octopus Server  >> 0.9.600.163  Security Vulnerabilities
CVE-2026-3237
In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this vulnerability.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-03-17
CVE-2024-2975
A race condition was identified through which privilege escalation was possible in certain configurations.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-04-09
CVE-2022-4008
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-10
CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
CVSS Score
5.3
EPSS Score
0.003
Published
2023-04-19
CVE-2022-2883
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
CVSS Score
7.5
EPSS Score
0.005
Published
2023-02-22
CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-10-27
CVE-2022-2782
In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.
CVSS Score
9.1
EPSS Score
0.003
Published
2022-10-27
CVE-2022-2049
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-08-19
CVE-2022-2074
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-08-19
CVE-2022-2075
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-08-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved