Security Advisory

CVE-2017-11348

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-07-17 00:00:00

Last updated 2024-08-05 18:05:30

Assigner mitre

State PUBLISHED

Description

In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.

← Browse all CVEs View on cve.org ↗