CVE-2018-5706

HIGH

8.8

CVSS Severity Score

EPSS Score0.0190%

EPSS Percentile43.67th

PublishedJan 16, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.

Affected Platforms (CPE)

📦

Octopus

Octopus Deploy

< 4.1.9

References & Advisories

🔗 https://github.com/OctopusDeploy/Issues/issues/4167

Related Vulnerabilities

CVE-2018-113209.8

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfus...

CVE-2018-48628.8

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an A...

CVE-2017-176658.8

In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows...

CVE-2018-188508.8

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes ...