Authenticated User Denial of Service Vulnerability in Octopus Deploy

Authenticated User Denial of Service Vulnerability in Octopus Deploy

CVE-2019-19376 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14.)

Learn more about our Api Penetration Testing.