CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-18850

HIGH
8.8
CVSS Severity Score
EPSS Score0.1840%
EPSS Percentile22.19th
Published2018年10月31日
Last Modified2024年11月21日

Vulnerability Description

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).

Affected Platforms (CPE)

📦
Octopus

Octopus Server

>= 2018.8.0 and <= 2018.8.12
📦
Octopus

Octopus Server

>= 2018.9.0 and < 2018.9.1

References & Advisories

🔗 https://github.com/OctopusDeploy/Issues/issues/5042
🔗 https://github.com/OctopusDeploy/Issues/issues/5042

相关漏洞威胁

CVE-2020-106788.8

In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authentic...

CVE-2021-265567.8

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileg...

CVE-2021-301837.5

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import ...

CVE-2021-318167.5

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password ...