Vulnerability Details CVE-2019-19376
In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14.)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2019-19376
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.0
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.1
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.10
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.11
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.12
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.13
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.2
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.3
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.4
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.5
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.6
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.7
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.8
-
cpe:2.3:a:octopus:octopus_deploy:2019.6.9
-
cpe:2.3:a:octopus:octopus_deploy:2019.7
-
cpe:2.3:a:octopus:octopus_deploy:2019.9.0
-
cpe:2.3:a:octopus:octopus_deploy:2019.9.1
-
cpe:2.3:a:octopus:octopus_deploy:2019.9.2
-
cpe:2.3:a:octopus:octopus_deploy:2019.9.3
-
cpe:2.3:a:octopus:octopus_deploy:2019.9.4
-
cpe:2.3:a:octopus:octopus_deploy:2019.9.5
-
cpe:2.3:a:octopus:octopus_deploy:2019.9.6
-
cpe:2.3:a:octopus:octopus_deploy:2019.9.7