CVE-2020-27155

Published: Oct 22, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one.

Affected (1)

Products: Octopus: Octopus Deploy

Octopus

1 product

Octopus Deploy

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Octopus Octopus Deploy	From 3.11.13 to 2020.4.4

References (8)

https://github.com/OctopusDeploy

Source: cve@mitre.org

Third Party Advisory

https://github.com/OctopusDeploy/Issues/issues/6637

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/OctopusDeploy/Issues/issues/6639

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://github.com/OctopusDeploy/Issues/issues/6640

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://github.com/OctopusDeploy

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/OctopusDeploy/Issues/issues/6637

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/OctopusDeploy/Issues/issues/6639

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/OctopusDeploy/Issues/issues/6640

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.