5.5

CVE-2018-10581

Exploit

EPSS 0.23%
Veröffentlicht 01.05.2018 13:29:00
Zuletzt bearbeitet 21.11.2024 03:41:36
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple teams, where one of the Teams has the VariableEdit permission or VariableView permissions for the Environment.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Octopus ≫ Octopus Deploy Version >= 3.4.0 < 2018.4.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.427

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/OctopusDeploy/Issues/issues/4474

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-10581

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-10581

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-10581

EUVD