VYPR

Server

by Octopus

Source repositories

CVEs (64)

  • CVE-2024-4811LowJul 25, 2024
    risk 0.14cvss 2.2epss 0.00

    In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.

  • CVE-2026-8296Jun 19, 2026
    risk 0.00cvss epss 0.00

    In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts.

  • CVE-2026-3236Mar 5, 2026
    risk 0.00cvss epss 0.00

    In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.

  • CVE-2026-0704Feb 25, 2026
    risk 0.00cvss epss 0.00

    In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.

Page 4 of 4