CVE-2024-9194

Name of the Vulnerable Software and Affected Versions Octopus Server versions 2024.1.0 through 2024.1.13038 Octopus Server versions 2024.2.0 through 2024.2.9482 Octopus Server versions 2024.3.0 through 2024.3.12766

Description This issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. The vulnerability allows SQL Injection, which can be exploited remotely. It is recommended to patch the affected versions immediately to mitigate risks.

Recommendations For Octopus Server versions 2024.1.0 through 2024.1.13038, update to a version after 2024.1.13038. For Octopus Server versions 2024.2.0 through 2024.2.9482, update to a version after 2024.2.9482. For Octopus Server versions 2024.3.0 through 2024.3.12766, update to a version after 2024.3.12766. As a temporary workaround, consider restricting access to vulnerable API endpoints or disabling features that use SQL commands until a patch is available.