CVE-2024-9194
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux and Microsoft Windows | Octopus Server | 2024.1.0 < 2024.1.13038 | affected |
| Linux and Microsoft Windows | Octopus Server | 2024.2.0 < 2024.2.9482 | affected |
| Linux and Microsoft Windows | Octopus Server | 2024.3.0 < 2024.3.12766 | affected |
Weaknesses
- CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.