Jburger

**Name of the Vulnerable Software and Affected Versions** Octopus Deploy versions 2018.8.0 through 2018.9.0 **Description** The issue allows an authenticated user with permission to modify deployment processes to upload a maliciously crafted YAML configuration. This could potentially allow for remote execution of arbitrary code, running in the same context as the Octopus Server, which by default is SYSTEM for self-hosted installations. **Recommendations** For versions 2018.8.0 through 2018.9.0, update to version 2018.9.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Octopus Deploy versions 3.0 through 2018.6.6 **Description** The issue allows an authenticated user with incorrect permissions to potentially create Accounts under the Infrastructure menu. **Recommendations** For Octopus Deploy versions 3.0 through 2018.6.6, update to version 2018.6.7 or later to resolve the issue.