CVE-2018-18850

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).
References
Link Resource
https://github.com/OctopusDeploy/Issues/issues/5042 Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*

Information

Published : 2018-10-30 20:29

Updated : 2022-07-27 09:40


NVD link : CVE-2018-18850

Mitre link : CVE-2018-18850


JSON object : View

Advertisement

dedicated server usa

Products Affected

octopus

  • octopus_server