Hello,
Is the latest Octopus Server vulnerable to the spring4shell ZD RCE ?
Spring4Shell Details and Exploit Analysis - Cyber Kendra
If so how do I handle this.
Hello,
Is the latest Octopus Server vulnerable to the spring4shell ZD RCE ?
Spring4Shell Details and Exploit Analysis - Cyber Kendra
If so how do I handle this.
Thank you for contacting Octopus Support.
Thankfully, Octopus Cloud, Octopus Tentacle, and Octopus Server are not affected by this vulnerability, but we do have some external integrations that do call spring-core
from their upstream product. Our team has analyzed these integrations and found that they DO NOT meet the criteria for this vulnerability to be applicable.
The details of this are as follows:
Octopus’ Bamboo Integration is NOT vulnerable to this exploit.
Octopus’ Jenkins Integration is NOT vulnerable to this exploit.
Octopus’ TeamCity Integration is NOT vulnerable to this exploit.
Octopus’ Java SDK is NOT vulnerable to this exploit.
If you have any further questions or concerns, please don’t hesitate to reach out, and we’ll do our best to assist further.
Regards,
Paul
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.