CVE-2017-11348
Published
CVSS v3
N/A
CVSS v2
6.3
MEDIUM
Affected
1
PROJECT
Description
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.
| Public | Bug reports and known issues for Octopus Deploy and all related tools
GitHub