Octopus Server Error Message Handling Vulnerability Allowing Code Injection

Vulnerability

A vulnerability exists in certain versions of Octopus Server due to improper handling of error messages on the error page. This flaw allows an adversary to inject code into the error message, which could then affect the user viewing the error.

Impact

Exploitation of this vulnerability could lead to code injection, allowing an attacker to execute arbitrary code in the context of the user viewing the error message.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 1.7
exploitability: 4.5
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.