CVE-2017-11348
Description
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.
Risk Information
Base Score
5.7
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.626
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.0 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.10 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.11 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.12 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.13 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.14 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.15 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.16 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.17 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.18 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.19 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.2 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.20 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.21 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.22 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.23 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.24 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.25 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.26 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.3 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.4 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.5 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.6 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.7 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.8 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.0.9 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.1.0 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.1.0.beta0001 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.1.0.beta0002 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.1.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.1.12 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.1.13 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.1.2 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.1.3 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.1.4 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.1.5 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.1.6 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.1.7 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.10.0 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.10.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.0 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.10 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.11 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.12 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.13 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.14 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.15 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.16 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.17 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.18 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.2 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.3 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.4 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.5 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.6 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.7 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.11.9 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.12.0 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.12.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.12.2 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.12.3 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.12.4 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.12.5 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.12.6 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.12.7 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.12.9 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.13.0 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.13.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.13.10 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.13.2 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.13.3 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.13.5 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.13.6 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.13.7 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.13.9 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.14.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.14.15 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.14.159 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.14.1592 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.14.15926 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.15.0 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.15.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.15.2 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.15.3 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.0 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.0.beta0001 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.10 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.11 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.15 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.16 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.17 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.19 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.2 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.20 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.21 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.22 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.23 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.24 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.3 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.4 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.6 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.7 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.8 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.2.9 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.0 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.0.beta0001 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.0.beta0002 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.10 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.11 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.12 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.14 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.15 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.16 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.17 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.18 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.19 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.2 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.20 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.21 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.22 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.24 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.25 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.26 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.27 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.3 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.4 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.5 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.6 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.8 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.3.9 | Windows |
| Vulnerabilities CVE-2017-11348,CVE-2020-16197 are affected in Octopus Server 3.4.0 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.0.beta0001 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.0.beta0002 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.10 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.11 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.12 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.13 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.14 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.15 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.3 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.4 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.5 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.6 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.7 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.8 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.4.9 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.5.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.5.2 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.5.4 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.5.5 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.5.6 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.5.7 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.5.8 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.5.9 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.6.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.6.2 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.10 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.11 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.12 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.13 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.14 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.15 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.16 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.17 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.18 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.2 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.3 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.4 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.5 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.6 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.7 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.8 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.7.9 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.8.0 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.8.1 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.8.2 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.8.3 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.8.4 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.8.5 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.8.6 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.8.7 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.8.8 | Windows |
| Vulnerabilities CVE-2017-11348 are affected in Octopus Server 3.8.9 | Windows |
| Vulnerabilities CVE-2017-11348,CVE-2022-2049,CVE-2022-2074,CVE-2022-2075 are affected in Octopus Server 3.9.0 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234