In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14.)
References
Link | Resource |
---|---|
https://github.com/OctopusDeploy/Issues/issues/6005 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-28T16:16:46
Updated: 2019-11-28T16:16:46
Reserved: 2019-11-28T00:00:00
Link: CVE-2019-19376
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-11-28T17:15:12.777
Modified: 2021-07-21T11:39:23.747
Link: CVE-2019-19376
JSON object: View
Redhat Information
No data.