CVE-2019-19376
MEDIUMOctopus Deploy < 2019.10.7 and 2019.6.0-2019.6.13 - Authenticated Denial of Service via Malformed Team API Request
Title source: llmDescription
In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14.)
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/OctopusDeploy/Issues/issues/6005
Scores
CVSS v3
6.5
EPSS
0.0099
EPSS Percentile
58.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
CWE-476
Status
published
Products (2)
octopus/octopus_deploy
< 2019.10.7
octopus/octopus_deploy
2019.6.0 - 2019.6.14
Published
Nov 28, 2019
Tracked Since
Feb 18, 2026