CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18850

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.037

EPSS Ranking 87.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

Products affected by CVE-2018-18850

Octopus » Octopus Server » Version: 2018.8.0

cpe:2.3:a:octopus:octopus_server:2018.8.0
Octopus » Octopus Server » Version: 2018.8.1

cpe:2.3:a:octopus:octopus_server:2018.8.1
Octopus » Octopus Server » Version: 2018.8.10

cpe:2.3:a:octopus:octopus_server:2018.8.10
Octopus » Octopus Server » Version: 2018.8.11

cpe:2.3:a:octopus:octopus_server:2018.8.11
Octopus » Octopus Server » Version: 2018.8.12

cpe:2.3:a:octopus:octopus_server:2018.8.12
Octopus » Octopus Server » Version: 2018.8.2

cpe:2.3:a:octopus:octopus_server:2018.8.2
Octopus » Octopus Server » Version: 2018.8.3

cpe:2.3:a:octopus:octopus_server:2018.8.3
Octopus » Octopus Server » Version: 2018.8.4

cpe:2.3:a:octopus:octopus_server:2018.8.4
Octopus » Octopus Server » Version: 2018.8.5

cpe:2.3:a:octopus:octopus_server:2018.8.5
Octopus » Octopus Server » Version: 2018.8.6

cpe:2.3:a:octopus:octopus_server:2018.8.6
Octopus » Octopus Server » Version: 2018.8.7

cpe:2.3:a:octopus:octopus_server:2018.8.7
Octopus » Octopus Server » Version: 2018.8.8

cpe:2.3:a:octopus:octopus_server:2018.8.8
Octopus » Octopus Server » Version: 2018.8.9

cpe:2.3:a:octopus:octopus_server:2018.8.9
Octopus » Octopus Server » Version: 2018.9.0

cpe:2.3:a:octopus:octopus_server:2018.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18850

Products

Pricing

Contact Us