Octopus Deploy · Octopus Deploy · CVE-2018-5706
Name of the Vulnerable Software and Affected Versions:
Octopus Deploy versions prior to 4.1.9
Description:
An issue allows users with user editing permissions to modify teams and grant themselves Administer System permissions, even if they did not originally have these permissions. This can be achieved through the use of the `RoleEdit` or `TeamEdit` permission.
Recommendations:
For versions prior to 4.1.9, update to version 4.1.9 or later to resolve the issue.
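For triage before the upgrade is rolled out, the following added example (not part of the original advisory or of Octopus Deploy) checks a server version against the fixed release and lists users who hold `RoleEdit` or `TeamEdit` without already holding Administer System. The permission name `AdministerSystem`, the field names `UserRoleIds`, `MemberUserIds` and `GrantedPermissions`, and all sample data are assumptions made for illustration.

```python
# Added example; ROLES/TEAMS are constructed sample data, and their field
# names are an assumed export shape, not taken from the advisory.
FIXED = (4, 1, 9)                            # first fixed version per the advisory
ESCALATION_PERMS = {"RoleEdit", "TeamEdit"}  # permissions named in the advisory
ADMIN_PERM = "AdministerSystem"              # assumed identifier for Administer System

def parse_version(text):
    """'4.1.8' -> (4, 1, 8). Numeric dotted versions only; short ones are zero-padded."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True when the version is prior to 4.1.9 (tuple compare, so 4.1.10 > 4.1.9)."""
    return parse_version(version) < FIXED

def escalation_candidates(teams, roles):
    """Map user id -> escalation-capable permissions held without Administer System."""
    role_perms = {r["Id"]: set(r["GrantedPermissions"]) for r in roles}
    user_perms = {}
    for team in teams:
        granted = set()
        for role_id in team["UserRoleIds"]:
            granted |= role_perms.get(role_id, set())
        # A user's effective permissions are the union over every team they are in.
        for user_id in team["MemberUserIds"]:
            user_perms.setdefault(user_id, set()).update(granted)
    return {
        user: sorted(perms & ESCALATION_PERMS)
        for user, perms in user_perms.items()
        if perms & ESCALATION_PERMS and ADMIN_PERM not in perms
    }

ROLES = [  # constructed
    {"Id": "userroles-sysadmin", "GrantedPermissions": ["AdministerSystem", "TeamEdit", "RoleEdit"]},
    {"Id": "userroles-teamlead", "GrantedPermissions": ["TeamEdit", "TeamView"]},
    {"Id": "userroles-deployer", "GrantedPermissions": ["DeploymentCreate"]},
]
TEAMS = [  # constructed
    {"Name": "Admins", "UserRoleIds": ["userroles-sysadmin"], "MemberUserIds": ["Users-1"]},
    {"Name": "Leads", "UserRoleIds": ["userroles-teamlead"], "MemberUserIds": ["Users-1", "Users-21"]},
    {"Name": "Deployers", "UserRoleIds": ["userroles-deployer"], "MemberUserIds": ["Users-22"]},
]

if __name__ == "__main__":
    server_version = "4.1.8"  # constructed
    if is_affected(server_version):
        for user, perms in sorted(escalation_candidates(TEAMS, ROLES).items()):
            print(f"{user}: holds {', '.join(perms)} without {ADMIN_PERM}; review team changes")
```

On an affected server, the users this reports are the ones whose recent team and role changes are worth reviewing for unexpected grants of Administer System.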