CVE-2020-10678

HIGH

8.8

CVSS Severity Score

EPSS Score0.1550%

EPSS Percentile37.49th

PublishedMar 19, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges.

Affected Platforms (CPE)

📦

Octopus

Octopus Deploy

< 2020.1.5

References & Advisories

🔗 https://github.com/OctopusDeploy/Issues/issues/6258

Related Vulnerabilities

CVE-2018-113209.8

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfus...

CVE-2018-48628.8

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an A...

CVE-2017-176658.8

In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows...

CVE-2018-57068.8

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves...