PT-2017-14945 · Octopus Deploy · Octopus Deploy

Published 2017-12-13 · Updated 2019-10-03 · CVE-2017-17665

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Octopus Deploy versions prior to 4.1.3

Description

The machine update process does not check the user's access to all environments, which allows an access-control bypass. Because the set of environments a machine is scoped to may include environments the user lacks access to, a user may be able to access environments they should not have access to.

Recommendations

For versions prior to 4.1.3, update to version 4.1.3 or later to resolve the issue.
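
An added illustration of the missing-authorization pattern in the description, not Octopus Deploy's code: the `Machine` model, the function names and the shape of the partial check are assumptions made for this example. It contrasts an update handler that accepts any shared environment with one that requires access to every environment in the machine's current and requested scope.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Raised when the caller lacks access to an environment in scope."""

@dataclass
class Machine:  # hypothetical model of a deployment target
    name: str
    environments: set = field(default_factory=set)

def update_machine_partial_check(user_envs, machine, new_envs):
    # Incomplete check (assumed shape of the flaw): one shared environment
    # is treated as enough to edit the whole machine record.
    if not (set(user_envs) & machine.environments):
        raise Forbidden("no access to machine")
    machine.environments = set(new_envs)
    return machine

def update_machine_full_check(user_envs, machine, new_envs):
    # Every environment the machine is scoped to now, and every environment
    # it would be scoped to after the update, must be one the caller can access.
    touched = machine.environments | set(new_envs)
    denied = touched - set(user_envs)
    if denied:
        raise Forbidden("no access to: " + ", ".join(sorted(denied)))
    machine.environments = set(new_envs)
    return machine

def demo():
    # Constructed sample data: the user is limited to "dev", while the
    # machine is scoped to both "dev" and "prod".
    user_envs = {"dev"}
    results = {}
    for name, fn in (("partial", update_machine_partial_check),
                     ("full", update_machine_full_check)):
        machine = Machine("web-01", {"dev", "prod"})
        try:
            fn(user_envs, machine, {"dev"})  # update would change "prod" scope
            results[name] = "allowed"
        except Forbidden as exc:
            results[name] = f"denied ({exc})"
    return results

if __name__ == "__main__":
    print(demo())
```
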

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2017-17665

Affected Products

Octopus Deploy