(Hosted only) Local path configuration disclosed when uploading maliciously crafted package #5971
Labels
kind/bug
This issue represents a verified problem we are committed to solving
Milestone
Note: affects customers on Octopus Cloud hosted instances. For all other customers this was fixed in #5956
An authenticated user could upload a maliciously crafted package, triggering an exception that discloses details of the underlying operating system.
CVE:
CVE-2019-19084Relates to https://github.com/OctopusDeploy/OctopusDeploy/issues/4684
The text was updated successfully, but these errors were encountered: