Octopus: >> Octopus Deploy Security Vulnerabilities
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.
CVSS Score
5.7
EPSS Score
0.01
Published
2017-07-17
Page 4