exploitDog

CVE-2018-9039

Опубликовано: 27 мар. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.

Ссылки

https://github.com/OctopusDeploy/Issues/issues/4407
Exploit
Third Party Advisory
https://octopus.com/downloads/compare?from=2018.3.6&to=2018.3.7
Release Notes
https://github.com/OctopusDeploy/Issues/issues/4407
Exploit
Third Party Advisory
https://octopus.com/downloads/compare?from=2018.3.6&to=2018.3.7
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:*

Версия от 2.0 (включая) до 2018.3.7 (исключая)

EPSS

Процентиль: 48%

0.00246

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-fvjj-7qvj-cw68

CVSS3: 6.5

github

больше 3 лет назад

In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.

EPSS

Процентиль: 48%

0.00246

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-862