Skip to main content

Octopusdeploy

2 CVEs product

Monthly

CVE-2019-1003071 Maven HIGH PATCH This Week

Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Octopusdeploy
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-1003027 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins Octopusdeploy
NVD
CVSS 3.0
4.3
EPSS
1.0%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Octopusdeploy
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java SSRF Jenkins +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy