CVE-2019-19084

Publication date

2019-11-18 15:36:51

Family

mitre

State

PUBLISHED

Description

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details.