CVE-2018-5706

Published: Jan 16, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.

Affected (1)

Products: Octopus: Octopus Deploy

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Octopus Octopus Deploy	Before 4.1.9

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://github.com/OctopusDeploy/Issues/issues/4167

Source: cve@mitre.org

Issue TrackingMitigationThird Party Advisory

https://github.com/OctopusDeploy/Issues/issues/4167

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMitigationThird Party Advisory

Timeline

No history available yet.