CVE-2024-9194

Summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766.

Affected Software

VendorProductVersion RangeStatus
Linux and Microsoft WindowsOctopus Server2024.1.0 < 2024.1.13038affected
Linux and Microsoft WindowsOctopus Server2024.2.0 < 2024.2.9482affected
Linux and Microsoft WindowsOctopus Server2024.3.0 < 2024.3.12766affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References