PT-2018-14689 · Octopus · Octopus Deploy
Jburger · Published 2018-10-31 · Updated 2022-07-27 · CVE-2018-18850
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Octopus Deploy versions 2018.8.0 through 2018.9.0
Description
The issue allows an authenticated user with permission to modify deployment processes to upload a maliciously crafted YAML configuration. This could potentially allow for remote execution of arbitrary code, running in the same context as the Octopus Server, which by default is SYSTEM for self-hosted installations.
Recommendations
For versions 2018.8.0 through 2018.9.0, update to version 2018.9.1 or later to resolve the issue.
Affected products
Octopus Deploy