Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Octopus Deploy 输入验证错误漏洞
Vulnerability Description
Octopus Deploy是澳大利亚Octopus Deploy公司的一款用于.NET、Java等应用程序的开发部署的自动化工具。 Octopus Deploy 2018.8.0版本至2018.9.0版本中存在安全漏洞。攻击者可通过上传恶意制作的YAML配置利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A