In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14.)
References
Link | Resource |
---|---|
https://github.com/OctopusDeploy/Issues/issues/6005 | Third Party Advisory |
https://github.com/OctopusDeploy/Issues/issues/6005 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/OctopusDeploy/Issues/issues/6005 - Third Party Advisory |
Information
Published : 2019-11-28 17:15
Updated : 2024-11-21 04:34
NVD link : CVE-2019-19376
Mitre link : CVE-2019-19376
CVE.ORG link : CVE-2019-19376
JSON object : View
Products Affected
octopus
- octopus_deploy