Octopus Server File Existence Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in certain versions of Octopus Server that allows the preview import feature to be used for file existence probing. This could enable an adversary to gather information about the presence of specific files on the server, potentially facilitating further attacks.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure, allowing attackers to identify the existence of files that may be targeted in subsequent attacks against the server.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Octopus Server File Existence Information Disclosure Vulnerability

Vulnerability

Impact

Affected Products

Octopus Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating