CVE-2018-5706

HIGH

8.8

CVSS Severity Score

EPSS Score0.0190%

EPSS Percentile43.67th

Published2018年1月16日

Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.

Affected Platforms (CPE)

📦

Octopus

Octopus Deploy

< 4.1.9

References & Advisories

🔗 https://github.com/OctopusDeploy/Issues/issues/4167

相關漏洞威脅

CVE-2018-113209.8

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfus...

CVE-2018-48628.8

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an A...

CVE-2017-176658.8

In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows...

CVE-2018-188508.8

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes ...