What is CVE-2018-18850?

CVE-2018-18850 is a vulnerability in N/a. Published 2018-10-31.

Is CVE-2018-18850 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-18850

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary…

EPSS: 0.523 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

github.com/OctopusDeploy/Issues/issues/5042 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-18850?: CVE-2018-18850 is a vulnerability in N/a. Published 2018-10-31.
Is CVE-2018-18850 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.