CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-26556

HIGH
7.8
CVSS Severity Score
EPSS Score0.1390%
EPSS Percentile33.74th
Published2021年10月7日
Last Modified2024年11月21日

Vulnerability Description

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.

Affected Platforms (CPE)

📦
Octopus

Octopus Deploy

>= 0.9 and < 2020.4.229
📦
Octopus

Octopus Server

>= 2020.5.0 and < 2020.5.256

References & Advisories

🔗 https://advisories.octopus.com/adv/2021-01---Local-privilege-escalation-in-Octopus-Server-%28CVE-2021-26556%29.1733296189.html
🔗 https://advisories.octopus.com/adv/2021-01---Local-privilege-escalation-in-Octopus-Server-%28CVE-2021-26556%29.1733296189.html

相關漏洞威脅

CVE-2018-113209.8

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfus...

CVE-2018-48628.8

In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an A...

CVE-2017-176658.8

In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows...

CVE-2018-57068.8

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves...