← Voltar para CVEs
CVE-2024-9194
CRITICAL9.8
Descricao
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado9/30/2024
Ultima modificacao7/2/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
linux:linux_kernelmicrosoft:windowsoctopus:octopus_server
Fraquezas (CWE)
CWE-89
Referencias
https://advisories.octopus.com/post/2024/sa2024-09/(security@octopus.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.