Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Octopus Server on Windows and Linux allows SQL Injection. This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
NVD published the first details for CVE-2024-9194
Feedly found the first article mentioning CVE-2024-9194.
Feedly estimated the CVSS score as HIGH
EPSS Score was set to: 0.04% (Percentile: 9.6%)
A CVSS base score of 4.3 has been assigned.
CVE-2024-9194 is a SQL Injection vulnerability identified in Octopus Server, which poses a significant risk to the integrity of the database and could potentially allow unauthorized access to sensitive data. The criticality of this vulnerability is underscored by its potential for exploitation, although specific details regarding active exploitation, CVSS score, proof-of-concept exploits, mitigations, detections, or patches are not provided in the available information. Additionally, there is no mention of downstream impacts on other third-party vendors or technologies related to this vulnerability.