CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-4862

HIGH
8.8
CVSS Severity Score
EPSS Score0.1080%
EPSS Percentile29.13th
Published2018年1月3日
Last Modified2024年11月21日

Vulnerability Description

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.

Affected Platforms (CPE)

📦
Octopus

Octopus Deploy

>= 3.2.11 and <= 4.1.5

References & Advisories

🔗 https://github.com/OctopusDeploy/Issues/issues/4134
🔗 https://github.com/OctopusDeploy/Issues/issues/4134

関連する脆弱性情報

CVE-2018-113209.8

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfus...

CVE-2018-57068.8

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves...

CVE-2017-176658.8

In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows...

CVE-2018-188508.8

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes ...

CVE-2018-4862 Detail & Impact Analysis | CVSS 8.8 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space