8.8

CVE-2018-5706

EPSS 0.2%
Veröffentlicht 16.01.2018 10:29:00
Zuletzt bearbeitet 21.11.2024 04:09:12
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Octopus ≫ Octopus Deploy Version < 4.1.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.419

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://github.com/OctopusDeploy/Issues/issues/4167

Third Party Advisory

Issue Tracking

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2018-5706

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5706

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5706

EUVD