CVE-2024-4456

Summary

In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server3.0 < 2023.3.13361affected
Octopus DeployOctopus Server2023.4.296 < 2023.4.8338affected
Octopus DeployOctopus Server2024.1.437 < 2024.1.11127affected

Weaknesses

  • Stored XSS in Audit Page

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References