PT-2018-9977 · Octopus Deploy · Octopus Deploy
Publicado
2018-05-01
·
Atualizado
2018-06-13
·
CVE-2018-10581
CVSS v2.0
5.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
Octopus Deploy versions 3.4.x through 2018.4.6
Description:
The issue allows an authenticated user to view, update, or save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs when the authenticated user belongs to multiple teams, and one of the teams has the
VariableEdit or VariableView permissions for the Environment.Recommendations:
For Octopus Deploy versions 3.4.x through 2018.4.6, update to version 2018.4.7 or later to resolve the issue.
Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Octopus Deploy