Lucene search
+L

9 matches found

nvd
nvd
added 2019/11/18 4:15 p.m.16 views

CVE-2019-19084

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details...

4.3CVSS4.5AI score0.00689EPSS
Exploits0References1
prion
prion
added 2019/11/18 4:15 p.m.20 views

Design/Logic Flaw

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details...

4CVSS4.6AI score0.00689EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2019/11/18 3:36 p.m.19 views

CVE-2019-19084

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details...

4.6AI score0.00689EPSS
Exploits0References1
cve
cve
added 2019/11/18 3:36 p.m.67 views

CVE-2019-19084

CVE-2019-19084 affects Octopus Deploy server (versions 3.3.0–2019.10.4). An authenticated user with PackagePush permission can upload a specially crafted package, triggering an exception that reveals underlying operating system details. Consequences are exposure of OS information via error handli...

4.3CVSS4.5AI score0.00689EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2017/07/17 1:18 p.m.13 views

CVE-2017-11348

In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value...

6.3CVSS5.5AI score0.01222EPSS
Exploits0References1
osv
osv
added 2017/07/17 1:18 p.m.16 views

CVE-2017-11348

In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value...

5.7CVSS6.6AI score0.01222EPSS
Exploits0References1
prion
prion
added 2017/07/17 1:18 p.m.13 views

Directory traversal

In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value...

6.3CVSS5.5AI score0.01222EPSS
Exploits0References1Affected Software2
cve
cve
added 2017/07/17 12:0 a.m.54 views

CVE-2017-11348

Octopus Deploy 3.x pre-3.15.4 is affected. An authenticated user with PackagePush permission can upload a malicious NuGet package that may overwrite other packages or modify system files due to a directory traversal flaw in the PackageId value. Affected component: package upload handling in Octop...

6.3CVSS5.4AI score0.01222EPSS
Exploits0References1Affected Software2
cvelist
cvelist
added 2017/07/17 12:0 a.m.22 views

CVE-2017-11348

In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value...

5.5AI score0.01222EPSS
Exploits0References1
Rows per page
Query Builder