CVE-2019-19376

MEDIUM

Octopus Deploy < 2019.10.7 and 2019.6.0-2019.6.13 - Authenticated Denial of Service via Malformed Team API Request

Title source: llm
STIX 2.1

Description

In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14.)

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/OctopusDeploy/Issues/issues/6005

Scores

CVSS v3 6.5
EPSS 0.0099
EPSS Percentile 58.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20 CWE-476
Status published
Products (2)
octopus/octopus_deploy < 2019.10.7
octopus/octopus_deploy 2019.6.0 - 2019.6.14
Published Nov 28, 2019
Tracked Since Feb 18, 2026