XSS vulnerability #5960
Labels
kind/bug
This issue represents a verified problem we are committed to solving
LTS/2019.9
This issue affects 2019.9 LTS
Milestone
An authenticated user with edit permissions could upload a maliciously crafted file, allowing attackers to inject arbitrary web script or HTML.
CVE: CVE-2019-19085
#5961 also affected
2019.9 LTS
. The fix has been shipped in the LTS patch indicated by the milestone. If you are using2019.9 LTS
we highly recommend applying this patch.Learn about the Octopus Server LTS program.
Relates to https://github.com/OctopusDeploy/OctopusDeploy/issues/4642
The text was updated successfully, but these errors were encountered: