Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766.

Related CPE's

a

octopus

octopus_server

3

o

linux

linux_kernel

-

o

microsoft

windows

-

References

https://advisories.octopus.com/post/2024/sa2024-09/

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-09-30T21:15:02.527Z

1 year ago

Last modified

2025-07-02T15:25:50.983Z

6 months ago