CVE-2024-9194

CRITICAL

Octopus Server 2024.1.0-2024.1.13037, 2024.2.0-2024.2.9481, 2024.3.0-2024.3.12765 - SQL Injection

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Octopus Server on Linux and Microsoft Windows allows SQL Injection. This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766.

Scores

CVSS v3 9.8
EPSS 0.0042
EPSS Percentile 33.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
octopus/octopus_server 2024.1.437 - 2024.1.13038
Published Sep 30, 2024
Tracked Since Feb 18, 2026