XSS vulnerability #5960

Closed
gupta-kartik opened this issue Nov 4, 2019 · 3 comments
Labels: kind/bug (This issue represents a verified problem we are committed to solving), LTS/2019.9 (This issue affects 2019.9 LTS)

gupta-kartik commented Nov 4, 2019

An authenticated user with edit permissions could upload a maliciously crafted file, allowing attackers to inject arbitrary web script or HTML.

CVE: CVE-2019-19085

#5961 also affected 2019.9 LTS. The fix has been shipped in the LTS patch indicated by the milestone. If you are using 2019.9 LTS we highly recommend applying this patch.

Learn about the Octopus Server LTS program.

Relates to https://github.com/OctopusDeploy/OctopusDeploy/issues/4642

@gupta-kartik gupta-kartik added the kind/bug This issue represents a verified problem we are committed to solving label Nov 4, 2019
@gupta-kartik gupta-kartik added this to the 2019.9.5 milestone Nov 4, 2019

gupta-kartik (Author) commented

Release Note: Details coming soon

@gupta-kartik gupta-kartik added the LTS/2019.9 This issue affects 2019.9 LTS label Nov 4, 2019
@matt-richardson matt-richardson changed the title Placeholder Issue XSS vulnerability Nov 17, 2019
lock bot commented Feb 16, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.

@lock lock bot locked as resolved and limited conversation to collaborators Feb 16, 2020