Octopus Server
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*
- ~2.6
- ~3
- ~4
- ~2018
- ~2019
- ~2020
- ~2021
- ~2022
- ~2023
- ~2024.1
- ~2024
- ~2024.3
- ~2024.4
A server-side request forgery (SSRF) vulnerability has been identified in Octopus Deploy running on Microsoft Windows. This vulnerability allows an attacker to manipulate the server into sending requests that include authentication information. As a result, the attacker could compromise the account associated with Octopus Server and potentially affect the underlying host infrastructure.
Exploitation of this vulnerability could lead to unauthorized access to the account running Octopus Server, with possible repercussions for the host infrastructure.
Users are advised to upgrade Octopus Server to version 2024.4.7065 or 2024.3.13071. The latest version can be downloaded from the Octopus Deploy website, while previous versions are available from the Octopus Deploy previous versions page.