CVE-2017-16801

Name of the Vulnerable Software and Affected Versions Octopus Deploy versions 3.7.0 through 3.17.13

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter. This could potentially lead to unauthorized actions on the affected system.

Recommendations For versions 3.7.0 through 3.17.13, update to version 3.17.14 to resolve the issue. As a temporary workaround, consider restricting access to the Step Template Name parameter until the update is applied.