Описание
In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.17.6 (включая)
cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00141
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges.
EPSS
Процентиль: 35%
0.00141
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-732