4.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.7%
In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details.
github.com/OctopusDeploy/Issues/issues/5971