PT-2017-14945 · Octopus Deploy · Octopus Deploy
Published: 2017-12-13 · Updated: 2019-10-03
CVE-2017-17665
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Octopus Deploy versions prior to 4.1.3
Description
The issue allows for an access-control bypass due to the machine update process not checking user access to all environments. This means a user may be able to access environments they should not have access to, as the set of environments a machine is scoped to may include those the user lacks access to.
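The check described above, as an added illustration that is not Octopus Deploy's code: a flawed update path that authorizes on partial environment overlap, next to one that requires access to every environment in the machine's current and requested scope. The `Machine` model, the function names, and the partial-overlap form of the flawed check are assumptions made for this example.

```python
# Hypothetical model (not Octopus Deploy code): environments are plain strings,
# and a user's permission is the set of environments they may manage.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller lacks access to an environment touched by the update."""


@dataclass
class Machine:
    name: str
    environments: set = field(default_factory=set)  # environments the machine is scoped to


def update_machine_weak(machine, requested_envs, user_envs):
    """Flawed pattern (assumed): authorizes on a partial match, not the full scope."""
    if not (machine.environments & user_envs):
        raise Forbidden("no access to this machine")
    machine.environments = set(requested_envs)  # unchecked against user_envs
    return machine


def update_machine_strict(machine, requested_envs, user_envs):
    """Authorize against every environment in the current AND the requested scope."""
    touched = machine.environments | set(requested_envs)
    denied = touched - user_envs
    if denied:
        raise Forbidden("no access to: " + ", ".join(sorted(denied)))
    machine.environments = set(requested_envs)
    return machine


def is_allowed(update, machine_envs, requested_envs, user_envs):
    """Run an update on a fresh constructed machine; report whether it was permitted."""
    try:
        update(Machine("web-01", set(machine_envs)), requested_envs, user_envs)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    # Constructed sample: the machine spans Dev and Production, the user only has Dev.
    scope, user = {"Dev", "Production"}, {"Dev"}
    for fn in (update_machine_weak, update_machine_strict):
        print(fn.__name__, "allowed:", is_allowed(fn, scope, scope, user))
```
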
Recommendations
For versions prior to 4.1.3, update to version 4.1.3 or later to resolve the issue.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Octopus Deploy