PT-2017-11949 · Octopus Deploy · Octopus Deploy

Published 2017-07-17 · Updated 2022-07-27 · CVE-2017-11348

CVSS v2.0: 6.3 (Medium)

Vector: AV:N/AC:M/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Octopus Deploy versions prior to 3.15.4

Description

The issue allows an authenticated user with PackagePush permission to upload a maliciously crafted NuGet package. This could potentially lead to overwriting other packages or modifying system files due to a directory traversal vulnerability in the PackageId value.

Recommendations

For versions prior to 3.15.4, update to version 3.15.4 or later to resolve the issue. As a temporary workaround, consider restricting the PackagePush permission to trusted users only until the update is applied.
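
The class of check that closes a traversal through a package identifier, as an added example in Python (not Octopus Deploy's code and not the vendor's patch). The ID and version grammars, the 100-character limit, the store path and all function names are assumptions made for illustration.

```python
import re
from pathlib import Path

# Assumed grammar: dot-separated segments of letters, digits, '_' and '-'.
# No path separators, drive letters, empty segments or leading/trailing dots.
_ID_RE = re.compile(r"[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*")
_VERSION_RE = re.compile(r"[0-9A-Za-z][0-9A-Za-z.+-]*")
MAX_ID_LEN = 100  # assumed limit for this example


class UnsafePackageId(ValueError):
    """Raised when a pushed package's metadata must not be used in a path."""


def safe_package_path(store_root, package_id, version):
    """Return the file path for a pushed package, or raise UnsafePackageId."""
    # 1. Allowlist the metadata taken from the uploaded package.
    if len(package_id) > MAX_ID_LEN or not _ID_RE.fullmatch(package_id):
        raise UnsafePackageId(f"rejected package id: {package_id!r}")
    if not _VERSION_RE.fullmatch(version):
        raise UnsafePackageId(f"rejected version: {version!r}")
    # 2. Defence in depth: the resolved target must sit directly in the store.
    root = Path(store_root).resolve()
    candidate = (root / f"{package_id}.{version}.nupkg").resolve()
    if candidate.parent != root:
        raise UnsafePackageId(f"path escapes package store: {candidate}")
    return candidate


def check_samples(store_root="/srv/packages"):
    """Run constructed sample IDs through the check; True means accepted."""
    samples = [
        "Acme.Web",                   # ordinary ID
        "..\\..\\Windows\\Temp\\x",   # constructed: backslash traversal
        "../../etc/cron.d/x",         # constructed: forward-slash traversal
        "Acme..Web",                  # constructed: empty segment
        "C:\\inetpub\\x",             # constructed: absolute Windows path
    ]
    results = {}
    for package_id in samples:
        try:
            safe_package_path(store_root, package_id, "1.2.3")
            results[package_id] = True
        except UnsafePackageId:
            results[package_id] = False
    return results
```
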

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2017-11348

Affected Products

Octopus Deploy