CVE-2017-15610

Published: Oct 19, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the private key.

Affected (1)

Products: Octopus: Octopus Deploy

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Octopus Octopus Deploy	Up to 3.17.6

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://github.com/OctopusDeploy/Issues/issues/3869

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://github.com/OctopusDeploy/Issues/issues/3869

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.