CVE-2019-19376 — MEDIUM (6.5)

Q: How severe is CVE-2019-19376?

CVE-2019-19376 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-19376?

Check the references section above for vendor advisories and patch information. Affected products include: Octopus Octopus Deploy.

Vulnerability Description

In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of service condition. (The fix for this was also backported to LTS 2019.9.8 and LTS 2019.6.14.)

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Octopus	Octopus Deploy	< 2019.10.7

Related Weaknesses (CWE)

CWE-20 CWE-476

References

https://github.com/OctopusDeploy/Issues/issues/6005Third Party Advisory
https://github.com/OctopusDeploy/Issues/issues/6005Third Party Advisory

FAQ

What is CVE-2019-19376?

CVE-2019-19376 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdit permission could send a malformed Team API request that bypasses input validation and causes an application level denial of serv...

How severe is CVE-2019-19376?

CVE-2019-19376 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-19376?

Check the references section above for vendor advisories and patch information. Affected products include: Octopus Octopus Deploy.