Main Vulnerability Database Vulnerabilities #VU30573

Input validation error in Octopus Deploy - CVE-2019-19376

Published: November 28, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU30573

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-19376

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Octopus Deploy

Affected software:
Octopus Deploy

Detailed vulnerability description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14.)

How to mitigate CVE-2019-19376

Install update from vendor's website.

Sources

https://github.com/OctopusDeploy/Issues/issues/6005

Input validation error in Octopus Deploy - CVE-2019-19376

Detailed vulnerability description

How to mitigate CVE-2019-19376

Sources

Please verify you're human