7.5
CVE-2018-10550
- EPSS 0.22%
- Veröffentlicht 30.04.2018 04:29:00
- Zuletzt bearbeitet 21.11.2024 03:41:32
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginIn Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Octopus ≫ Octopus Deploy Version < 2018.4.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.448 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.