PT-2019-15768 · Octopus Deploy · Octopus Deploy

Gupta-Kartik · Published 2019-11-18 · Updated 2019-11-20 · CVE-2019-19084

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Octopus Deploy versions 3.3.0 through 2019.10.4

Description: The issue allows an authenticated user with PackagePush permission to upload a maliciously crafted package. This can trigger an exception that exposes underlying operating system details.

Recommendations: For versions 3.3.0 through 2019.10.4, update to a version that contains a fix for this issue to prevent the upload of malicious packages and exposure of operating system details.

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2019-19084

Affected Products

Octopus Deploy